CRLF Injection Vulnerability in Netty Network Application Framework
CVE-2025-67735

6.5MEDIUM

Key Information:

Vendor: Netty
Status: Netty
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-67735?

The Netty Network Application Framework is vulnerable to a CRLF injection caused by improper handling of request URIs in the HttpRequestEncoder component. This vulnerability, present in versions prior to 4.1.129.Final and 4.2.8.Final, allows attackers to exploit request smuggling techniques if the URI is not properly sanitized. Applications utilizing this framework may inadvertently become targets, thus necessitating an upgrade to the fixed versions to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

netty >= 4.2.0.Alpha1, < 4.2.8.Final < 4.2.0.Alpha1, 4.2.8.Final

netty < 4.1.129.Final < 4.1.129.Final

References

https://github.com/netty/netty/security/advisories/GHSA-8...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Dec 11, 2025

JSON

Netty