CVE-2025-4600 – Google Cloud Classic Application Load Balancer HTTP Request Smuggling Vulnerability

CVE ID : CVE-2025-4600

Published : May 16, 2025, 2:15 p.m. | 45 minutes ago

Description : A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…