Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2025-65114)

Description

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue.

Remediation

References

Related Vulnerabilities

WordPress Plugin Fancy Slideshows Security Bypass (2.4)

MyBB Improper Input Validation Vulnerability (CVE-2008-4930)

MediaWiki Uncontrolled Recursion Vulnerability (CVE-2022-28201)

WordPress Plugin Social Like Box and Page by WpDevArt Unspecified Vulnerability (0.8.39)

SugarCRM Incomplete List of Disallowed Inputs Vulnerability (CVE-2015-5946)

Severity

High

Classification

CVE-2025-65114 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities