CVE-2025-32094
BaseFortify
Publication date: 2025-08-07
Last updated on: 2025-08-07
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| akamai | ghost | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-444 | The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Akamai Ghost used in the Akamai CDN platform before 2025-03-26. It occurs when a client sends an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header and uses obsolete line folding. This causes a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request inside the original request body.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to smuggle a second HTTP request within the original request body, potentially leading to request smuggling attacks. This can result in unauthorized actions or manipulation of requests passing through the Akamai CDN, impacting the integrity of the communication.