CVE-2025-54142
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-08-29
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| akamai | ghost | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-444 | The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that includes an entity body. It occurs because a subsequent request can be sent within the same persistent connection between an Akamai proxy server and an origin server if the origin server does not adhere to certain Internet standards.
How can this vulnerability impact me? :
The vulnerability can lead to HTTP Request Smuggling attacks, which may allow an attacker to interfere with the way a proxy and origin server communicate. This can result in limited integrity impact, such as unauthorized manipulation of requests, but does not affect confidentiality or availability according to the CVSS score.