CVE-2025-6442 – WEBrick HTTP Request Smuggling Vulnerability

June 25, 2025

CVE ID : CVE-2025-6442

Published : June 25, 2025, 5:15 p.m. | 1 hour, 24 minutes ago

Description : Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.

The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6616 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Next Article CVE-2025-5015 – AccuWeather Custom RSS Widget Cross-Site Scripting Vulnerability

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

OpenAI’s Sam Altman breaks silence on Microsoft feud with Satya Nadella — citing “points of tension” amid evolution plans

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Salesforce Marketing Cloud Engagement vs. Oracle Eloqua

Exploring Lucidworks Fusion and Coveo Using Apache Solr

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

CVE-2025-6442 – WEBrick HTTP Request Smuggling Vulnerability

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

Cisco ISE Vulnerabilities June 2025

CVE-2025-34049 – OptiLink ONT1GEW Command Injection

My favorite gaming earbuds now come in orange — but they’re missing one crucial thing that would make me grab another pair

Microsoft waarschuwt voor actief aangevallen RCE-lek in WebDAV

Qualcomm fixes three Adreno GPU zero-days exploited in attacks

Grab this 230-piece Craftsman toolset for just $99 at Lowe’s

CVE-2025-6291 – D-Link DIR-825 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability

CVE-2025-3781 – WordPress Raisely Donation Form Stored Cross-Site Scripting Vulnerability

MM-Ego: Towards Building Egocentric Multimodal LLMs

CVE-2025-6442 – WEBrick HTTP Request Smuggling Vulnerability

Related Posts