CVE-2025-6442

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.

The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.
HTTP Request/Response Smuggling
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
zdiCNA
6.5 MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
ruby-langwebrick
𝑥
< 1.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-webrick
bookworm
no-dsa
forky
1.9.1-1
fixed
sid
1.9.1-1
fixed
trixie
1.9.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-webrick
questing
Fixed 1.9.1-1
released
plucky
Fixed 1.8.1-1ubuntu1.1
released
oracular
ignored
noble
Fixed 1.8.1-1ubuntu0.2
released
jammy
Fixed 1.7.0-3ubuntu0.2
released
jruby
questing
not-affected
plucky
not-affected
noble
not-affected
jammy
dne
focal
needed
bionic
needed
xenial
needed
trusty
needed
ruby2.3
questing
dne
plucky
dne
noble
dne
jammy
dne
xenial
Fixed 2.3.1-2~ubuntu16.04.16+esm11
released
ruby2.5
questing
dne
plucky
dne
noble
dne
jammy
dne
bionic
Fixed 2.5.1-1ubuntu1.16+esm6
released
ruby2.7
questing
dne
plucky
dne
noble
dne
jammy
dne
focal
Fixed 2.7.0-5ubuntu1.18+esm3
released
Common Weakness Enumeration
References
https://github.com/ruby/webrick/commit/ee60354bcb84ec33b9245e1d1aa6e1f7e8132101#diff-ad02984d873efb089aa51551bc6b7d307a53e0ba1ac439e91d69c2e58a478864
https://www.zerodayinitiative.com/advisories/ZDI-25-414/