Client-Side Desync Vulnerability in Varnish Cache and Varnish Enterprise
CVE-2025-30346

4.8MEDIUM

Key Information:

Vendor: Varnish-software
Status: Varnish Cache
Vendor: CVE Published:; 21 March 2025

🔔 Create Varnish-software Vulnerability Alert

What is CVE-2025-30346?

A vulnerability has been identified in Varnish Cache and Varnish Enterprise that allows for client-side desynchronization via HTTP/1 requests. This issue can result in unexpected behavior, impacting the reliability and security of services dependent on these versions. Users and administrators must take precautions by upgrading to the latest versions to mitigate potential risks.

Affected Version(s)

Varnish Cache 7.5.0 < 7.6.2

References

https://varnish-cache.org/security/VSV00015.html

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2025
Vulnerability Reserved
Mar 21, 2025

CVE-2025-30346 Data

JSON