CVE-2025-6442
Vulnerability
webrick: Ruby WEBrick Request Smuggling Vulnerability
ecosystem: redhat:6, redhat:7, redhat:8, redhat:9
A request smuggling vulnerability has been discovered in the Ruby WEBrick gem. This vulnerability is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-6442
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2374895
- secalert@redhat.com: https://github.com/ruby/webrick/commit/ee60354bcb84ec33b9245e1d1aa6e1f7e8132101#diff-ad02984d873efb089aa51551bc6b7d307a53e0ba1ac439e91d69c2e58a478864
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-6442
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-6442
- secalert@redhat.com: https://www.zerodayinitiative.com/advisories/ZDI-25-414/
type: vendor
source: secalert@redhat.com
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
Metric | Value
---|---
AV | Network
AC | High
PR | None
UI | None
S | Not Changed
C | Low
I | High
A | None
source: secalert@redhat.com
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
source: secalert@redhat.com
published: 2025-06-25 16:52:24
modified: 2025-07-08 05:11:29
Detection
OR
ruby
package type: source
tag: rhel-6-els:bedace07-9632-525d-a652-045a2f8093cc
OR
ruby
package type: source
tag: rhel-7-extras-including-unpatched:ca6ed3f0-0f32-525d-a652-07357231e4eb
OR
ruby
package type: source
tag: rhel-8-including-unpatched:bbff1360-bf5a-d0cd-688e-e38d049d5890
OR
pcs
package type: source
tag: rhel-9-including-unpatched:435a9219-65b2-f412-2d39-f65c074bc1b9
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex