CVE-2025-12642

lighttpd 1.4.80 incorrectly merged trailer fields into headers after HTTP request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks.

Successful exploitation may allow an attacker to:

  *  Bypass access control rules
  *  Inject unsafe input into backend logic that trusts request headers
  *  Execute HTTP Request Smuggling attacks under some conditions


This issue affects lighttpd 1.4.80.
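
The following is an added illustration, not lighttpd's code and not part of the advisory. It is a minimal Python model of a chunked request, showing what header-trusting logic sees when trailer fields are folded into the header set, next to handling that keeps trailers separate. The request bytes and the `X-Role` field are constructed for the example.

```python
# Constructed sample: the trailer section after the last chunk repeats a
# field name from the header section ("X-Role" is a hypothetical field).
RAW = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
       b"Transfer-Encoding: chunked\r\nX-Role: guest\r\n\r\n"
       b"5\r\nhello\r\n0\r\n"
       b"X-Role: admin\r\n\r\n")   # trailer section

def parse_fields(block):
    """Parse CRLF-separated 'Name: value' lines into (lowercase name, value) pairs."""
    fields = []
    for line in block.split(b"\r\n"):
        if line:
            name, _, value = line.partition(b":")
            fields.append((name.strip().lower().decode(), value.strip().decode()))
    return fields

def parse_request(raw):
    """Return (headers, body, trailers) for a chunked HTTP/1.1 request."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = parse_fields(head.split(b"\r\n", 1)[1])   # drop the request line
    body = b""
    while True:
        size_line, _, rest = rest.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)        # ignore chunk extensions
        if size == 0:
            break
        body += rest[:size]
        rest = rest[size + 2:]                          # skip data and its CRLF
    return headers, body, parse_fields(rest)

def multimap(fields):
    """Group field values by name, preserving order."""
    out = {}
    for name, value in fields:
        out.setdefault(name, []).append(value)
    return out

def merged_view(headers, trailers):
    """Model of the flaw: trailers folded into the header set after parsing."""
    return multimap(headers + trailers)

def separate_view(headers, trailers):
    """Safer handling: header set untouched, trailers kept in their own map."""
    return multimap(headers), multimap(trailers)

def shadowing_trailers(headers, trailers):
    """Detection helper: trailer names that also appear as header names."""
    return sorted({n for n, _ in trailers} & {n for n, _ in headers})
```

`shadowing_trailers` can serve as a log or proxy-side check for requests whose trailer names collide with header names.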
HTTP Request/Response Smuggling
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | UNKNOWN | ---
Toreon | CNA | --- | ---
CISA-ADP | ADP | --- | ---