{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-65114", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-11-18T00:11:27.195Z", "datePublished": "2026-04-02T15:55:27.280Z", "dateUpdated": "2026-04-02T18:10:10.171Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Traffic Server", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "9.2.12", "status": "affected", "version": "9.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.1.1", "status": "affected", "version": "10.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Katsutoshi Ikenoya"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">Apache Traffic Server allows request smuggling if c</span>hunked messages are malformed.</span>&nbsp;</p><p>This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.</p><p>Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue.</p>"}], "value": "Apache Traffic Server allows request smuggling if chunked messages are malformed.\u00a0\n\nThis issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.\n\nUsers are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-04-02T15:55:27.280Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Traffic Server: Malformed chunked message body allows request smuggling", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T18:09:43.044758Z", "id": "CVE-2025-65114", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:10:10.171Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-65114", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-11-18T00:11:27.195Z", "datePublished": "2026-04-02T15:55:27.280Z", "dateUpdated": "2026-04-02T18:10:10.171Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Traffic Server", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "9.2.12", "status": "affected", "version": "9.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.1.1", "status": "affected", "version": "10.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Katsutoshi Ikenoya"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">Apache Traffic Server allows request smuggling if c</span>hunked messages are malformed.</span>&nbsp;</p><p>This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.</p><p>Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue.</p>"}], "value": "Apache Traffic Server allows request smuggling if chunked messages are malformed.\u00a0\n\nThis issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.\n\nUsers are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-04-02T15:55:27.280Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Traffic Server: Malformed chunked message body allows request smuggling", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-65114", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T18:09:43.044758Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:08:34.686Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "361CCF7A-CB22-4074-A902-779476856482", "versionEndExcluding": "9.2.13", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA23F0DC-E368-4327-87A1-A0DCD8553AFF", "versionEndExcluding": "10.1.2", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Traffic Server allows request smuggling if chunked messages are malformed.\u00a0\n\nThis issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.\n\nUsers are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue."}], "id": "CVE-2025-65114", "lastModified": "2026-04-06T16:05:24.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-02T17:16:21.087", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.0.0,9.2.12]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.0.0,10.1.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Apache Traffic Server", "source": "cna", "vendor": "Apache Software Foundation"}, "product": "traffic_server", "vendor": "apache"}], "analysis": {"en": {"generated_at": "2026-04-06T20:51:32.236437+00:00", "value": {"mitigation_remediation": ["Upgrade Apache Traffic Server to version 9.2.13 or 10.1.2 to apply the vendor fix.", "Verify that the upgrade has been applied by checking the server version string.", "If an immediate upgrade is not possible, restrict inbound traffic to trusted networks or use a reverse proxy that validates request headers before forwarding traffic to the backend."], "summary": {"action": "Upgrade", "impact": "HTTP Request Smuggling"}, "threat_synthesis": {"affected_systems": "The affected releases are Apache Traffic Server 9.0.0 through 9.2.12 and 10.0.0 through 10.1.1. All builds of these versions that employ the default chunked parsing logic are vulnerable, affecting any installation exposed to untrusted HTTP traffic.", "description_and_impact": "Apache Traffic Server processes HTTP request bodies that use chunked transfer encoding. When a client delivers a malformed chunked message, the server misinterprets request boundaries, allowing the attack to smuggle a second request into the same flow. This flaw is an example of CWE\u2011444, a vulnerability arising from HTTP request smuggling that can subvert normal request handling.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 7.5, indicating high severity, while the EPSS score is below 1% and no public exploitation has been seen. It is not listed in the CISA KEV catalog. No authentication or elevated privileges are required; any network client that can communicate with the server over HTTP can trigger the issue, making remote\u2011facing deployments especially at risk."}}}}, "created": "2026-04-03T08:58:16.561988+00:00", "updated": "2026-04-07T07:56:07.866202+00:00", "vendors": ["apache", "apache$PRODUCT$traffic_server"]}