New variants of HTTP request smuggling attacks have compromised major CDN providers like Akamai and Cloudflare, affecting millions of websites and exposing sensitive user data. Researchers recommend migrating from HTTP/1.1 to HTTP/2+ to mitigate these vulnerabilities. #Akamai #Cloudflare #HTTPRequestSmuggling #CVE-2025-32094
Key points
- New HTTP request smuggling variants have impacted widely used CDNs, including Akamai and Cloudflare.
- Attackers exploit inconsistencies in how servers process HTTP requests, enabling credential theft and website redirection.
- Several organizations, including T-Mobile and GitLab, have been impacted, with some paying bug bounties for discovered vulnerabilities.
- CVE-2025-32094 in Akamai's infrastructure was identified as a root cause, prompting quick response and mitigation efforts.
- Experts advise shifting from HTTP/1.1 to HTTP/2+ to reduce the risk of future request smuggling attacks.