← Back

CVE-2025-66373

nvd nist
Published: Dec 4, 2025Modified: Dec 16, 2025

JSON object

Loading...
4.8
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.2 / Impact: 2.5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain circumstances, Akamai Ghost erroneously forwards the invalid request and subsequent superfluous bytes to the origin server. An attacker could hide a smuggled request in these superfluous bytes. Whether this is exploitable depends on the origin server's behavior and how it processes the invalid request it receives from Akamai Ghost.

Affected (1)

Products: Akamai: Akamaighost
Akamai
1 product
Akamaighost
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Akamaighost
Before 2025-11-17

Related CWEs

CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References (2)

Source: cve@mitre.org
Technical Description
Source: cve@mitre.org
Vendor AdvisoryMitigation

Timeline

No history available yet.