CVE-2025-32094

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/100", "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/100", "tags": [], "refsource": ""}, {"url": "https://www.akamai.com/blog/security/cve-2025-32094-http-request-smuggling", "name": "https://www.akamai.com/blog/security/cve-2025-32094-http-request-smuggling", "tags": [], "refsource": ""}, {"url": "https://www.blackhat.com/us-25/briefings/schedule/#http1-must-die-the-desync-endgame-45103", "name": "https://www.blackhat.com/us-25/briefings/schedule/#http1-must-die-the-desync-endgame-45103", "tags": [], "refsource": ""}, {"url": "https://www.rfc-editor.org/rfc/rfc9112.html#name-obsolete-line-folding", "name": "https://www.rfc-editor.org/rfc/rfc9112.html#name-obsolete-line-folding", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an \"Expect: 100-continue\" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-444"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-32094", "ASSIGNER": "cve@mitre.org"}}, "impact": {}, "publishedDate": "2025-08-07T05:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-07T05:15Z"}