Security Advisories

CVE-2025-67735

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-67735

Severity

6.5

Medium

CVSS V3

Summary

Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder

Description

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, io.netty.handler.codec.http.HttpRequestEncoder is vulnerable to CRLF injection through the request URI when constructing a request. This leads to request smuggling when HttpRequestEncoder is used without proper sanitization of the URI. Any application or framework that uses HttpRequestEncoder can be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue.
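One way to sanitize the URI before it reaches HttpRequestEncoder, as an added example that is not Netty's code and not the upstream fix. The class RequestTargetGuard and method requireSafe are hypothetical names, and the sample URIs are constructed.

```java
import java.util.List;

/** Hypothetical helper (not part of Netty): validates a request URI before it is
 *  used to build a request that HttpRequestEncoder will serialize. */
public final class RequestTargetGuard {

    private RequestTargetGuard() {}

    /**
     * Returns the URI unchanged if it is safe to place in an HTTP/1.1 request line,
     * otherwise throws. The request line is "METHOD SP request-target SP version CRLF",
     * so a raw CR, LF, space or other control character inside the URI could end the
     * line early or shift its fields. Percent-encoded bytes stay encoded on the wire
     * and are therefore allowed here.
     */
    public static String requireSafe(String uri) {
        if (uri == null || uri.isEmpty()) {
            throw new IllegalArgumentException("empty request URI");
        }
        for (int i = 0; i < uri.length(); i++) {
            char c = uri.charAt(i);
            if (c <= 0x20 || c == 0x7f) {
                throw new IllegalArgumentException(String.format(
                        "illegal character 0x%02x at index %d in request URI", (int) c, i));
            }
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a clean URI, one with raw CR/LF, one with a raw
        // space, and one where CR/LF are percent-encoded (inert in the request line).
        List<String> samples = List.of(
                "/search?q=netty",
                "/search?q=netty\r\nX-Injected: 1",
                "/search?q=a b",
                "/search?q=netty%0d%0aX-Injected:%201");
        for (String s : samples) {
            try {
                requireSafe(s);
                System.out.println("accepted: " + s);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Call the check wherever a URI built from untrusted input is passed into a request object; upgrading to 4.1.129.Final or 4.2.8.Final remains the fix.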

References

Affected packages


© 2025 Chainguard. All Rights Reserved.