CVE-2025-6442

EUVD-2025-19113
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.

The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.
HTTP Request/Response Smuggling
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
zdiCNA
6.5 MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
ruby-langwebrick
𝑥
< 1.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-webrick
bookworm
no-dsa
forky
1.9.2-1
fixed
sid
1.9.2-1
fixed
trixie
1.9.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-webrick
jammy
Fixed 1.7.0-3ubuntu0.2
released
noble
Fixed 1.8.1-1ubuntu0.2
released
oracular
ignored
plucky
Fixed 1.8.1-1ubuntu1.1
released
questing
Fixed 1.9.1-1
released
jruby
bionic
needed
focal
needed
jammy
dne
noble
not-affected
plucky
not-affected
questing
not-affected
trusty
needed
xenial
needed
ruby2.3
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
Fixed 2.3.1-2~ubuntu16.04.16+esm11
released
ruby2.5
bionic
Fixed 2.5.1-1ubuntu1.16+esm6
released
jammy
dne
noble
dne
plucky
dne
questing
dne
ruby2.7
focal
Fixed 2.7.0-5ubuntu1.18+esm3
released
jammy
dne
noble
dne
plucky
dne
questing
dne
Common Weakness Enumeration
References
https://github.com/ruby/webrick/commit/ee60354bcb84ec33b9245e1d1aa6e1f7e8132101#diff-ad02984d873efb089aa51551bc6b7d307a53e0ba1ac439e91d69c2e58a478864
https://www.zerodayinitiative.com/advisories/ZDI-25-414/