Medium severity4.0NVD Advisory· Published Aug 7, 2025· Updated Apr 15, 2026

CVE-2025-32094

Description

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/100nvd
www.akamai.com/blog/security/cve-2025-32094-http-request-smugglingnvd
www.blackhat.com/us-25/briefings/schedule/nvd
www.rfc-editor.org/rfc/rfc9112.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000