Request Smuggling Vulnerability in Google Cloud Classic Application Load Balancer
CVE-2025-4600
8.7HIGH
What is CVE-2025-4600?
A request smuggling vulnerability existed in Google Cloud's Classic Application Load Balancer due to improper processing of chunked-encoded HTTP requests. Attackers could exploit this issue by crafting malicious requests that were misinterpreted by backend servers, potentially leading to unauthorized actions. The vulnerability was mitigated by implementing stricter controls to prevent stray data following a chunk in the request. This issue has been resolved and is not exploitable in any instances of the Classic Application Load Balancer deployed after April 26, 2025.
Affected Version(s)
Classic Application Load Balancer 0