Improper Input Validation in http-proxy-middleware Versions from Chimurai
CVE-2025-32996

4 MEDIUM

Key Information:

Vendor: Chimurai
CVE Published: 15 April 2025

What is CVE-2025-32996?

The http-proxy-middleware package contains a logic flaw: a conditional structure is missing an 'else if', which allows the writeBody function to be executed multiple times. This can lead to improper handling of HTTP requests and cause erroneous behavior in applications that rely on the middleware. Developers using this package should upgrade to at least version 2.0.8 or 3.0.4 to mitigate the risk.

Affected Version(s)

http-proxy-middleware 0 < 2.0.8

http-proxy-middleware 3.0.0 < 3.0.4
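
To check a project against these ranges, the following added example (not code from the http-proxy-middleware project or from this advisory) scans the `packages` map of an npm `package-lock.json` and reports every installed copy in an affected range, including nested transitive copies. The sample lockfile is constructed, and `tool-a`, `tool-b` and `demo-app` are hypothetical names.

```javascript
const PKG = 'http-proxy-middleware';
// Affected ranges from this page: [inclusive lower bound, exclusive upper bound].
const AFFECTED = [['0.0.0', '2.0.8'], ['3.0.0', '3.0.4']];

// Parse "1.2.3" or "1.2.3-beta.1" into a numeric core and a prerelease flag.
function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Negative if a < b, positive if a > b, 0 if equal. A prerelease sorts
// below the release with the same core, as in semver.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] - y.core[i];
  }
  return Number(y.pre) - Number(x.pre);
}

function isAffected(version) {
  return AFFECTED.some(([lo, hi]) => compare(version, lo) >= 0 && compare(version, hi) < 0);
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3)
// and report every installed copy, including nested transitive ones.
function findAffected(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.endsWith(`node_modules/${PKG}`)) continue;
    if (entry.version && isAffected(entry.version)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile; tool-a and tool-b are hypothetical dependents.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/http-proxy-middleware': { version: '3.0.5' },
    'node_modules/tool-a/node_modules/http-proxy-middleware': { version: '2.0.6' },
    'node_modules/tool-b/node_modules/http-proxy-middleware': { version: '3.0.3' },
  },
};

console.log(findAffected(sampleLock));
```

A top-level dependency on a fixed release does not rule out an older nested copy pulled in by another package, which is why the scan matches on the path suffix rather than only the root entry.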

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published