Request Smuggling Vulnerability in HAProxy by HAProxy Technologies
CVE-2023-25725

9.1CRITICAL

Key Information:

Vendor: Haproxy
Status: Haproxy
Vendor: CVE Published:; 14 February 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 17%

What is CVE-2023-25725?

HAProxy versions prior to 2.7.3 contain a vulnerability that may allow an attacker to bypass access controls via improper parsing of HTTP/1 headers, resulting in potential request smuggling. This occurs when certain empty header field names are accepted, leading to truncation of the header list. While the impact is limited for HTTP/2 and HTTP/3 due to the timing of header processing, users operating with HTTP/1.x could face increased risks. Users are advised to upgrade to fixed versions to mitigate these risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

LAB-CVE-2023-25725
Created by sgwgsw

References

https://www.haproxy.org/

https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh...

https://lists.debian.org/debian-lts-announce/2023/02/msg0...

mailing-list

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 23, 2023
👾
Exploit known to exist
Aug 23, 2023
Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Feb 13, 2023

Haproxy

Badges

What is CVE-2023-25725?

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V3.1

Timeline