Unrated severityNVD Advisory· Published May 16, 2025· Updated Sep 8, 2025
HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation
CVE-2025-4600
Description
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2before 2025-04-26+ 1 more
- (no CPE)range: before 2025-04-26
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.