CVE-2025-4366 – Pingora Pingora-proxy Request Smuggling Vulnerability

May 22, 2025

CVE ID : CVE-2025-4366

Published : May 22, 2025, 4:15 p.m. | 31 minutes ago

Description : A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.

Fixed in: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff

Impact: The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5081 – Campcodes Cybercafe Management System SQL Injection Vulnerability

Next Article CVE-2025-45468 – FC Stable Diffusion Plus Privilege Escalation Vulnerability

Highlights

CVE-2025-4762 – eSigna eSignaViewer IDOR

May 15, 2025

CVE ID : CVE-2025-4762

Published : May 15, 2025, 12:15 p.m. | 42 minutes ago

Description : Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

How to get started with Microsoft Copilot on Windows 11

Microsoft blocks employees from sending emails that mention “Palestine” or “Gaza”

I missed out on the Clair Obscur: Expedition 33 Collector’s Edition but thankfully, the developers are launching something special

Perficient is Shaping the Future of Salesforce Innovation

Perficient is Shaping the Future of Salesforce Innovation

Opal – Optimizely’s AI-Powered Marketing Assistant

Content Compliance Without the Chaos: How Optimizely CMP Empowers Financial Services Marketers

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

How to get started with Microsoft Copilot on Windows 11

Microsoft blocks employees from sending emails that mention “Palestine” or “Gaza”

CVE-2025-4366 – Pingora Pingora-proxy Request Smuggling Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-48695 – CyberDAVA Privilege Escalation Vulnerability

Panera Bread Hit by Ransomware: Data Breach, Outage, and Unanswered Questions

I tested the SteelSeries Arctis Gamebuds for Xbox — Every gamer should replace their AirPods with these

UK Driving Theory Test

Evaluate large language models for your machine translation tasks on AWS

CVE-2025-4762 – eSigna eSignaViewer IDOR

CVE-2024-57096 – WPS Office Information Disclosure Vulnerability

This month in security with Tony Anscombe – January 2025 edition

Accessibility Testing with Playwright: Expert Guide

CVE-2025-4366 – Pingora Pingora-proxy Request Smuggling Vulnerability

Related Posts