PT-2025-35821 · Netty+6

Jeppw · Published 2025-09-03 · Updated 2026-05-18 · CVE-2025-58056

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions

Netty versions 4.1.124.Final
Netty versions 4.2.0.Alpha3 through 4.2.4.Final

Description

Netty is an asynchronous, event-driven network application framework for developing maintainable, high-performance protocol servers and clients. Netty incorrectly accepts a standalone line feed (LF) as a chunk-size line terminator, whether or not it is preceded by a carriage return (CR), instead of requiring CRLF as the HTTP/1.1 standard does. When Netty is combined with a reverse proxy that parses LF differently, an attacker can craft a request that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks.

Recommendations

Netty version 4.1.125.Final
Netty version 4.2.5.Final
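
The strict check the description calls for, as an added Python example (not Netty's code and not part of the original advisory): `parse_chunked` decodes a chunked body and, in strict mode, rejects any chunk-size line that ends in LF without a preceding CR. The function and class names, the simplified lenient mode and both sample bodies are constructed for illustration.

```python
import re

HEX = re.compile(rb"[0-9A-Fa-f]+")


class ChunkError(ValueError):
    """Raised when a chunked body violates the framing rules being enforced."""


def parse_chunked(body: bytes, strict: bool = True) -> list[bytes]:
    """Decode a chunked body. strict=True requires CRLF after each chunk-size line;
    strict=False is a simplified model of the lenient behaviour described above."""
    chunks, pos = [], 0
    while True:
        nl = body.find(b"\n", pos)
        if nl == -1:
            raise ChunkError(f"unterminated chunk-size line at offset {pos}")
        line = body[pos:nl]
        if line.endswith(b"\r"):
            line = line[:-1]          # proper CRLF terminator
        elif strict:
            raise ChunkError(f"bare LF ends chunk-size line at offset {nl}")
        # Drop any chunk extension; the size itself must be pure hex digits.
        size_field = line.split(b";", 1)[0]
        if not HEX.fullmatch(size_field):
            raise ChunkError(f"invalid chunk size {size_field!r} at offset {pos}")
        size = int(size_field, 16)
        pos = nl + 1
        if size == 0:
            return chunks             # last-chunk; trailer fields are not examined
        data = body[pos:pos + size]
        if len(data) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkError(f"chunk data at offset {pos} is truncated or lacks CRLF")
        chunks.append(data)
        pos += size + 2


# Constructed sample bodies: identical except for the first chunk-size terminator.
WELL_FORMED = b"5\r\nhello\r\n0\r\n\r\n"
BARE_LF = b"5\nhello\r\n0\r\n\r\n"
```

Two parsers that disagree on `BARE_LF` are what creates the framing mismatch; the strict mode removes the disagreement by refusing the body outright.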

Exploit · Fix · DoS · HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12309
ALT-PU-2025-13422
BDU:2025-12593
CLEANSTART-2026-DD05788
CLEANSTART-2026-GQ14179
CLEANSTART-2026-JU62349
CLEANSTART-2026-JW30455
CLEANSTART-2026-KU61465
CLEANSTART-2026-LE11246
CLEANSTART-2026-MM00120
CLEANSTART-2026-RN56220
CLEANSTART-2026-SQ91016
CLEANSTART-2026-SV95049
CLEANSTART-2026-VH41554
CLEANSTART-2026-WG59699
CLEANSTART-2026-WK99982
CVE-2025-58056
ECHO-564B-AFEC-8020
GHSA-FGHV-69VJ-QJ49
OPENSUSE-SU-2025:15520-1
SUSE-SU-2025:03114-1
SUSE-SU-2025_03114-1
USN-7918-1

Affected Products

ALT Linux
Debian
Linux Mint
Netty
RED OS
SUSE
Ubuntu