VYPR
Unrated severityNVD Advisory· Published Nov 3, 2025· Updated Nov 3, 2025

HTTP Header Smuggling via Trailer Merge

CVE-2025-12642

Description

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks.

Successful exploitation may allow an attacker to:

  • Bypass access control rules
  • Inject unsafe input into backend logic that trusts request headers
  • Execute HTTP Request Smuggling attacks under some conditions

This issue affects lighttpd1.4.80

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lighttpd/Lighttpdllm-fuzzy2 versions
    >=1.4.80+ 1 more
    • (no CPE)range: >=1.4.80
    • (no CPE)range: 1.4.80

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.