Cloudflare has issued a security warning about a request smuggling vulnerability (CVE-2025-4366) in its Pingora OSS framework, affecting its CDN caching components. The flaw could allow attackers to inject malicious requests, potentially exposing user data and redirecting visitors to malicious sites.
Key points
- The vulnerability CVE-2025-4366 affects Pingora's caching components used in Cloudflare's CDN.
- It stems from an HTTP request parsing bug that skips processing request bodies after cache hits.
- Attackers can exploit this flaw to conduct request smuggling, injecting malicious requests into legitimate traffic.
- Cloudflare quickly responded by disabling affected traffic and released a patch in version 0.5.0.
- Customers are advised to upgrade to the latest Pingora version; those on the free tier received the fix automatically.
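The parsing bug in the key points (request bodies left unread after a cache hit), as an added illustration that is not Pingora's code and not from the original article: a toy keep-alive parser in which every request is assumed to be a cache hit. The traffic is constructed, and `served_requests`, `find` and `sample_connection` are hypothetical names. With draining off, the unread body is parsed as a separate request; with draining on, the declared Content-Length is consumed first.

```rust
// Added illustration, not Pingora code. Assumption: every request is a cache hit,
// so the proxy answers from cache without needing the request body.

/// Request lines the proxy acts on for the bytes of one keep-alive connection.
/// `drain_body` = consume the declared body after a cache hit (the safe behaviour).
fn served_requests(conn: &[u8], drain_body: bool) -> Vec<String> {
    let mut served = Vec::new();
    let mut pos = 0;
    while pos < conn.len() {
        // Find the end of the header block of the next request.
        let rel = match find(&conn[pos..], b"\r\n\r\n") {
            Some(r) => r,
            None => break,
        };
        let head = String::from_utf8_lossy(&conn[pos..pos + rel]).into_owned();
        pos += rel + 4;
        let mut lines = head.split("\r\n");
        let request_line = lines.next().unwrap_or("").to_string();
        let content_length = lines
            .filter_map(|l| l.split_once(':'))
            .find(|(k, _)| k.trim().eq_ignore_ascii_case("content-length"))
            .and_then(|(_, v)| v.trim().parse::<usize>().ok())
            .unwrap_or(0);
        served.push(request_line); // cache hit: response is sent immediately
        if drain_body {
            // Skip the body so it cannot be read as the next request.
            pos = (pos + content_length).min(conn.len());
        }
    }
    served
}

fn find(hay: &[u8], needle: &[u8]) -> Option<usize> {
    hay.windows(needle.len()).position(|w| w == needle)
}

/// Constructed sample: one request whose body looks like a request, then a second one.
fn sample_connection() -> Vec<u8> {
    let body = "GET /smuggled HTTP/1.1\r\nHost: example.test\r\n\r\n";
    let mut s = String::from("GET /cached HTTP/1.1\r\nHost: example.test\r\n");
    s.push_str(&format!("Content-Length: {}\r\n\r\n{}", body.len(), body));
    s.push_str("GET /next HTTP/1.1\r\nHost: example.test\r\n\r\n");
    s.into_bytes()
}

fn main() {
    let conn = sample_connection();
    println!("body not drained: {:?}", served_requests(&conn, false));
    println!("body drained:     {:?}", served_requests(&conn, true));
}
```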
Read More: https://thecyberexpress.com/cloudflare-fixes-cve-2025-4366-in-pingora-oss/