Medium severity4.0NVD Advisory· Published Aug 7, 2025· Updated Apr 15, 2026
CVE-2025-32094
CVE-2025-32094
Description
An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
4News mentions
1- HTTP/1.1 must die: the desync endgamePortSwigger Research · Aug 6, 2025