PT-2025-35318 · Eventlet+4
Sebastianosrt · Published 2025-01-01 · Updated 2026-01-30 · CVE-2025-58068
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Eventlet versions prior to 0.40.3
Description
The Eventlet WSGI parser is susceptible to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This issue could allow attackers to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches.
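The description names improper handling of HTTP trailer sections without detailing the defect. As an added example (not Eventlet's code and not part of this advisory), the Python below shows trailer-aware framing of a chunked body per RFC 9112, section 7.1: the message ends only after the empty line that closes the trailer section, and malformed input is rejected rather than guessed at. The function names and sample bytes are constructed for illustration.

```python
# Added example: strict, trailer-aware framing of a chunked HTTP/1.1 body.
# Not Eventlet's implementation; all names and sample bytes are constructed.

HEX = b"0123456789abcdefABCDEF"

class FramingError(ValueError):
    """Body is malformed or incomplete; the connection should be closed."""

def _read_line(buf, pos):
    end = buf.find(b"\r\n", pos)
    if end < 0:
        raise FramingError("incomplete line")
    return buf[pos:end], end + 2

def read_chunked(buf, pos=0):
    """Return (body, trailers, next_pos); next_pos is where the next message starts."""
    body = bytearray()
    while True:
        line, pos = _read_line(buf, pos)
        size_field = line.split(b";", 1)[0]  # chunk extensions are ignored
        if not size_field or any(c not in HEX for c in size_field):
            raise FramingError("bad chunk size")
        size = int(size_field, 16)
        if size == 0:  # last-chunk: the trailer section follows
            break
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise FramingError("chunk data not terminated by CRLF")
        body += buf[pos:pos + size]
        pos += size + 2
    trailers = []
    while True:  # zero or more field lines, then one empty line
        line, pos = _read_line(buf, pos)
        if line == b"":
            return bytes(body), trailers, pos
        name, sep, value = line.partition(b":")
        if not sep or not name or name != name.strip():
            raise FramingError("malformed trailer field")
        trailers.append((name.lower(), value.strip()))

# Constructed sample: a chunked body with one trailer, then a pipelined request.
SAMPLE = (b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n"
          b"X-Checksum: abc123\r\n\r\n"
          b"GET /next HTTP/1.1\r\nHost: example.test\r\n\r\n")

if __name__ == "__main__":
    body, trailers, nxt = read_chunked(SAMPLE)
    print(body, trailers, SAMPLE[nxt:nxt + 18])
```

A front end and back end that agree on `next_pos` for every input cannot be desynchronized by the trailer section, which is the property a smuggling-resistant parser has to guarantee.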
Recommendations
Update to Eventlet version 0.40.3 or later.
As a workaround, avoid using Eventlet WSGI when facing untrusted clients.
HTTP Request/Response Smuggling
Affected Products
Debian
Eventlet
Linuxmint
Red Os
Ubuntu