CVE-2025-6442 – WEBrick HTTP Request Smuggling Vulnerability

June 25, 2025

CVE ID : CVE-2025-6442

Published : June 25, 2025, 5:15 p.m. | 1 hour, 24 minutes ago

Description : Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.

The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6616 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Next Article CVE-2025-5015 – AccuWeather Custom RSS Widget Cross-Site Scripting Vulnerability

Highlights

CVE-2025-7075 – BlackVue Dashcam 590X HTTP Endpoint Unrestricted File Upload Vulnerability

July 5, 2025

CVE ID : CVE-2025-7075

Published : July 6, 2025, 12:15 a.m. | 1 hour, 53 minutes ago

Description : A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-6442 – WEBrick HTTP Request Smuggling Vulnerability

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

Google’s One AI Premium plan with Gemini Advanced is now free for students – for an entire year

A Beginner Developer’s Guide to Scrum

CVE-2025-52899 – Tuleap User Enumeration Vulnerability

CVE-2025-6502 – Code-projects Inventory Management System SQL Injection Critical Vulnerability

CVE-2025-7075 – BlackVue Dashcam 590X HTTP Endpoint Unrestricted File Upload Vulnerability

CVE-2025-8242 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

CVE-2025-5280 – Google Chrome V8 Out-of-Bounds Heap Corruption Vulnerability

CVE-2025-6442 – WEBrick HTTP Request Smuggling Vulnerability

Related Posts