CVE-2025-47905 – Varnish Cache HTTP/1 Chunk Boundary CRLF Injection

CVE ID : CVE-2025-47905

Published : May 13, 2025, 10:15 p.m. | 1 hour, 49 minutes ago

Description : Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…