CVE-2025-58136

CWE-670CWE-472CWE-42413 documents10 sources
Severity
7.5HIGH
EPSS
0.2%
top 52.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Traffic ServerApache Software Foundation Apache Traffic Server
Timeline
PublishedApr 2
Latest updateApr 3

Description

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to set proxy.config.http.request_buffer_enabled to 0 (the default value is 0).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDapache/traffic_server9.0.09.2.13+1
Debiantrafficserver< 9.2.5+ds-0+deb12u4

🔴Vulnerability Details

5
OSV
CVE-2025-58136: (A bug in POST request handling causes a crash under a certain conditio2026-04-03
OSV
CVE-2025-58136: A bug in POST request handling causes a crash under a certain condition2026-04-02
CVEList
Apache Traffic Server: A simple legitimate POST request causes a crash2026-04-02
GHSA
GHSA-wvq7-4f7c-q7wc: A bug in POST request handling causes a crash under a certain condition2026-04-02
GHSA
yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key2025-04-10

📋Vendor Advisories

3
CISA
Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability2025-06-02
CISA
Yiiframework Yii Improper Protection of Alternate Path Vulnerability2025-05-02
Debian
CVE-2025-58136: trafficserver - A bug in POST request handling causes a crash under a certain condition. This i...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-58136 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

2
Bugzilla
CVE-2025-58136 trafficserver: Apache Traffic Server: Denial of Service via POST request handling [fedora-all]2026-04-03
Bugzilla
CVE-2025-58136 trafficserver: Apache Traffic Server: Denial of Service via POST request handling [epel-all]2026-04-03
CVE-2025-58136 (HIGH CVSS 7.5) | A bug in POST request handling caus | cvebase.io