Request Smuggling Vulnerability in Pingora Proxy Framework
CVE-2025-4366

7.4HIGH

Key Information:

Vendor: Cloudflare
Status
Vendor: CVE Published:; 22 May 2025

Badges

📰 News Worthy

What is CVE-2025-4366?

A vulnerability exists in Pingora’s proxying framework, which enables attackers to conduct request smuggling by injecting malicious HTTP requests through crafted request bodies in cache HITs. This exploitation can lead to unauthorized request execution, potentially allowing attackers to manipulate headers and URLs on subsequent requests. Such actions can compromise the integrity of cached data and may facilitate cache poisoning attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

News Articles

The Cyber Express

CVE-2025-4366

Cloudflare Fixes CVE-2025-4366 In Pingora OSS Framework

Cloudflare patches request smuggling flaw CVE-2025-4366 in Pingora OSS framework impacting CDN free tier users.

References

https://github.com/cloudflare/pingora

CVSS V4

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

📰
First article discovered by The Cyber Express
May 23, 2025
Vulnerability published
May 22, 2025
Vulnerability Reserved
May 5, 2025

JSON

Cloudflare

Badges

What is CVE-2025-4366?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

News Articles

Cloudflare Fixes CVE-2025-4366 In Pingora OSS Framework

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.