CVE-2025-4366 – Pingora Pingora-proxy Request Smuggling Vulnerability

May 22, 2025

CVE ID : CVE-2025-4366

Published : May 22, 2025, 4:15 p.m. | 31 minutes ago

Description : A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.

Fixed in: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff

Impact: The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5081 – Campcodes Cybercafe Management System SQL Injection Vulnerability

Next Article CVE-2025-45468 – FC Stable Diffusion Plus Privilege Escalation Vulnerability

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

How passkeys work: The complete guide to your inevitable passwordless future

This Sony OLED TV is my pick for best Prime Day deal – and it’s the last chance to get 50% off

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

CVE-2025-4366 – Pingora Pingora-proxy Request Smuggling Vulnerability

CVE-2025-49697 – Microsoft Office Heap Buffer Overflow Vulnerability

CVE-2025-49701 – Microsoft Office SharePoint Cross-Site Scripting (XSS)

Transformer Meets Diffusion: How the Transfusion Architecture Empowers GPT-4o’s Creativity

Measuring perception in AI models

ETVA: Evaluation of Text-to-Video Alignment via Fine-grained Question Generation and Answering

This $449 Lenovo convertible laptop gets up to 13 hours of battery life

Meta AI Releases V-JEPA 2: Open-Source Self-Supervised World Models for Understanding, Prediction, and Planning

CVE-2024-51979 – HP IPP HTTP Stack Buffer Overflow

Zyxel Patches Privilege Management Vulnerabilities in USG FLEX H Series Firewalls

Microsft says Windows Hello no longer works in the dark, and it’s NOT a bug

CVE-2025-4366 – Pingora Pingora-proxy Request Smuggling Vulnerability

Related Posts