CVE-2025-32094

Name of the Vulnerable Software and Affected Versions Akamai Ghost versions prior to 2025-03-26

Description An issue exists in Akamai Ghost, used for the Akamai CDN platform. A client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can cause a discrepancy in how two in-path Akamai servers interpret the request. This allows an attacker to smuggle a second request in the original request body.

Recommendations Update Akamai Ghost to version 2025-03-26 or later.