HTTP Request Smuggling Vulnerability in JetBrains Ktor
CVE-2025-29904

5.3MEDIUM

Key Information:

Vendor: Jetbrains
Status: Ktor
Vendor: CVE Published:; 12 March 2025

What is CVE-2025-29904?

An HTTP Request Smuggling vulnerability was discovered in JetBrains Ktor, affecting versions prior to 3.1.1. This vulnerability allows attackers to manipulate requests sent to the server, potentially leading to unauthorized actions or data exposure. It is crucial for users of Ktor to update to version 3.1.1 or later to mitigate the risks associated with this security issue.

Affected Version(s)

Ktor 0 < 3.1.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Mar 12, 2025

Jetbrains

What is CVE-2025-29904?

Affected Version(s)

References

CVSS V3.1

Timeline