Medium severity (5.4) · NVD Advisory · Published May 13, 2025 · Updated Apr 15, 2026
CVE-2025-47905
Description
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Affected products (7)
- Range: <7.6.3 || >=7.7.0 <7.7.1
- Range: <6.0.13r14
- osv-coords (5 versions): pkg:bitnami/varnish, pkg:rpm/almalinux/varnish, pkg:rpm/almalinux/varnish-devel, pkg:rpm/almalinux/varnish-docs, pkg:rpm/almalinux/varnish-modules
- (no CPE) range: < 6.6.2
- (no CPE) range: < 6.0.13-1.module_el8.10.0+4003+9759c3c1.1
- (no CPE) range: < 6.0.13-1.module_el8.10.0+4003+9759c3c1.1
- (no CPE) range: < 6.0.13-1.module_el8.10.0+4003+9759c3c1.1
- (no CPE) range: < 0.15.0-6.module_el8.9.0+3826+307eaba4