CVE-2025-32442

Name of the Vulnerable Software and Affected Versions Fastify versions 4.29.0 through 5.3.1 Fastify version 4.9.0

Description Fastify is a fast, low overhead web framework for Node.js. Applications specifying different validation strategies for different content types may bypass validation by providing a slightly altered content type, such as with different casing or altered whitespace before the semicolon (;). This issue affects applications using a specific schema pattern where individual content types are defined with their own schemas. The initial patch in version 5.3.1 did not fully address the problem, and a complete fix was released in version 5.3.2 and 4.29.1.

Recommendations Fastify versions 4.29.0 through 5.3.1: Upgrade to version 5.3.2 or 4.29.1 to resolve the issue. Fastify version 4.9.0: Upgrade to version 4.9.1 to resolve the issue. As a workaround for all affected versions, avoid specifying individual content types in the schema.