Description

Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers security controls, launch targeted attacks against active users, and poison web caches. A pre-requisite for exploitation involves the web application being deployed behind a reverse-proxy that forwards trailer headers. This issue has been patched in versions 1.0.0-M45 and 0.23.31.

INFO

Published Date :

2025-09-23T18:54:42.867Z

Last Modified :

2025-09-23T19:17:26.320Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59822 vulnerability.

Vendors Products
Http4s
  • Http4s
Typelevel
  • Http4s
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59822.

URL Resource
https://github.com/http4s/http4s/commit/dd518f7c967e5165813b8d4a48a82b8fab852d41 cve-icon cve-icon
https://github.com/http4s/http4s/security/advisories/GHSA-wcwh-7gfw-5wrr cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact