Security Flaw in http-proxy-middleware Affects Multiple Versions
CVE-2025-32997

4 MEDIUM

Key Information:

Vendor: Chimurai
CVE Published: 15 April 2025

What is CVE-2025-32997?

In the http-proxy-middleware library, the fixRequestBody function continues to execute even after bodyParser has failed. As a result, request data can be handled incorrectly, which creates potential security risks. Users of versions prior to 2.0.9, and of 3.x before 3.0.5, should update so that request body parsing operates correctly and safely.

Affected Version(s)

http-proxy-middleware 0 < 2.0.9

http-proxy-middleware 3.0.0 < 3.0.5

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published