PT-2025-21652 · Google · Google Cloud Classic Application Load Balancer
Published: 2025-05-16 · Updated: 2025-07-29 · CVE-2025-4600
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions:
Google Cloud Classic Application Load Balancer versions prior to 2025-04-26
Description:
A request smuggling issue existed due to improper handling of chunked-encoded HTTP requests, allowing attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk.
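
The framing rule named in the fix, shown as an added example (not Google's code and not part of the original advisory): a strict decoder for a chunked body that refuses anything other than CRLF directly after a chunk's data. It assumes "stray data" means bytes between the end of the chunk data and its CRLF terminator; `decode_chunked_strict`, `ChunkedError` and the sample bodies are hypothetical names and constructed inputs.

```python
HEXDIGITS = b"0123456789abcdefABCDEF"


class ChunkedError(ValueError):
    """Raised when a chunked body violates the strict framing rules."""


def decode_chunked_strict(body: bytes) -> tuple[bytes, bytes]:
    """Decode a chunked body; return (payload, bytes left after the message)."""
    pos, out = 0, bytearray()
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkedError("chunk-size line not terminated by CRLF")
        size_field = body[pos:eol].split(b";", 1)[0]  # ignore chunk extensions
        # Only bare hex digits: no sign, whitespace, "0x" prefix or underscores.
        if not size_field or any(c not in HEXDIGITS for c in size_field):
            raise ChunkedError("invalid chunk size")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            break  # last-chunk reached, trailer section follows
        end = pos + size
        if end + 2 > len(body):
            raise ChunkedError("truncated chunk")
        # The rule from the advisory: nothing may sit between the chunk
        # data and its CRLF terminator.
        if body[end:end + 2] != b"\r\n":
            raise ChunkedError("stray data after chunk")
        out += body[pos:end]
        pos = end + 2
    # Trailer section: zero or more lines, closed by an empty line.
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkedError("unterminated trailer section")
        line, pos = body[pos:eol], eol + 2
        if not line:
            return bytes(out), body[pos:]


# Constructed sample bodies (not captured traffic).
GOOD = b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"
STRAY = b"5\r\nhelloXX\r\n0\r\n\r\n"  # two extra bytes after the 5-byte chunk

if __name__ == "__main__":
    print(decode_chunked_strict(GOOD))
```

A proxy and a backend that both enforce this check agree on where each message ends; a lenient parser on either side leaves room for the two to disagree.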
Recommendations:
No action is required: the issue affected Google Cloud Classic Application Load Balancer versions prior to 2025-04-26 and is fixed in versions after 2025-04-26.
Fix
RCE
HTTP Request/Response Smuggling
Related Identifiers
Affected Products
Google Cloud Classic Application Load Balancer