🔐 CVE Alert

CVE-2025-65114

HIGH 7.5

Apache Traffic Server: Malformed chunked message body allows request smuggling

CVSS Score: 7.5
EPSS Score: 0.0%
EPSS Percentile: 0th

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue.

CWE: CWE-444
Vendor: Apache Software Foundation
Product: Apache Traffic Server
Published: Apr 2, 2026
Last Updated: Apr 2, 2026

Affected Versions

Apache Software Foundation / Apache Traffic Server
9.0.0 through 9.2.12
10.0.0 through 10.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗
lists.apache.org: https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q

Credits

🔍 Katsutoshi Ikenoya