PT-2025-16284 · Unknown · Http-Proxy-Middleware
Chimurai · Published 2025-04-15 · Updated 2025-10-21 · CVE-2025-32997
CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
http-proxy-middleware versions 2.0.9 and earlier, 3.x versions prior to 3.0.5
Description
The issue arises when fixRequestBody proceeds even if bodyParser has failed. This can lead to potential security risks.
Recommendations
For versions prior to 2.0.9, update to version 2.0.9 or later.
For 3.x versions prior to 3.0.5, update to version 3.0.5 or later.
As a temporary workaround, consider disabling the fixRequestBody function until a patch is available.
Fix
Improper Check for Exceptional Conditions
Weakness Enumeration
Related Identifiers
Affected Products
Http-Proxy-Middleware