Description

Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as with different casing or altered whitespacing before `;`. This was patched in v5.3.1, but the initial patch did not cover all problems. This has been fully patched in v5.3.2 and v4.29.1. A workaround involves not specifying individual content types in the schema.

INFO

Published Date :

2025-04-18T15:59:06.670Z

Last Modified :

2025-08-22T20:50:43.059Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32442 vulnerability.

Vendors Products
Fastify
  • Fastify
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32442.

URL Resource
https://github.com/fastify/fastify/commit/436da4c06dfbbb8c24adee3a64de0c51e4f47418 cve-icon cve-icon cve-icon
https://github.com/fastify/fastify/commit/f3d2bcb3963cd570a582e5d39aab01a9ae692fe4 cve-icon cve-icon
https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc cve-icon cve-icon cve-icon
https://hackerone.com/reports/3087928 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-32442 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-32442 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact