CVE-2025-6442
ADVISORY - githubSummary
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.
The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.
EPSS Score: 0.00071 (0.222)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
ADVISORY - github
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
NIST
CREATED
UPDATED
ADVISORY IDCVE-2025-6442
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.9mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-r995-q44h-hr64
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumAlpine
CREATED
UPDATED
ADVISORY IDCVE-2025-6442
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2025-6442
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2025-6442
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.9mediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2-2025-2931
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2023-2025-1115
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumPhoton
CREATED
UPDATED
ADVISORY ID
CVE-2025-6442
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-