Pingora-Proxy Request Smuggling via Cache HITs (Fixed)
CVE-2025-4366 Published on May 22, 2025
Request Smuggling Vulnerability in Pingora
A request smuggling vulnerability identified within Pingoras proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.
Fixed in: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff
Impact: The issue could lead to request smuggling in cases where Pingoras proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.
Weakness Type
What is a HTTP Request Smuggling Vulnerability?
When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.
CVE-2025-4366 has been classified to as a HTTP Request Smuggling vulnerability or weakness.
Products Associated with CVE-2025-4366
Want to know whenever a new CVE is published for CloudFlare Pingora? stack.watch will email you.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.