PT-2025-39209 · Http4S · Http4S

Sebastianosrt · Published 2025-09-23 · Updated 2025-10-08 · CVE-2025-59822

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Http4s versions 1.0.0-M1 through 1.0.0-M44
Http4s versions prior to 0.23.31

Description

Http4s is susceptible to HTTP Request Smuggling because of incorrect handling of the HTTP trailer section. This can allow attackers to circumvent front-end server security measures, conduct attacks on current users, and corrupt web caches. Exploitation requires the web application to be deployed behind a reverse proxy that forwards trailer headers.

Recommendations

Update to Http4s version 1.0.0-M45 or later.
Update to Http4s version 0.23.31 or later.
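
To check a build against the affected ranges listed here, the following added example (not part of the advisory or of the http4s project) scans sbt dependency lines for org.http4s artifacts, resolves simple version vals, and classifies each version. The build.sbt fragment is constructed, and flagging every org.http4s module is an assumption, since the advisory does not name the affected module.

```python
import re

# Fixed releases named in the advisory: 0.23.31 and 1.0.0-M45.
FIXED_STABLE = (0, 23, 31)
FIXED_MILESTONE = 45

VAL_RE = re.compile(r'val\s+(\w+)\s*=\s*"([^"]+)"')
# "org.http4s" %% "artifact" % "version"   or   ... % versionVal
DEP_RE = re.compile(r'"org\.http4s"\s*%{1,3}\s*"([^"]+)"\s*%\s*(?:"([^"]+)"|(\w+))')


def is_affected(version):
    """True/False for a recognised http4s version, None if it needs manual review."""
    m = re.fullmatch(r"1\.0\.0-M(\d+)", version)
    if m:  # 1.0.0-M1 through 1.0.0-M44 are affected
        return int(m.group(1)) < FIXED_MILESTONE
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    if m:  # plain releases prior to 0.23.31 are affected
        return tuple(map(int, m.groups())) < FIXED_STABLE
    return None  # snapshots, release candidates, unresolved vals


def audit_sbt(text):
    """Return (artifact, version, affected) for every org.http4s dependency."""
    vals = dict(VAL_RE.findall(text))
    findings = []
    for artifact, literal, ref in DEP_RE.findall(text):
        version = literal or vals.get(ref, ref)
        findings.append((artifact, version, is_affected(version)))
    return findings


# Constructed build.sbt fragment (not from the advisory).
SAMPLE_BUILD_SBT = '''
val http4sVersion = "0.23.30"
libraryDependencies ++= Seq(
  "org.http4s" %% "http4s-ember-server" % http4sVersion,
  "org.http4s" %% "http4s-dsl"          % "0.23.31",
  "org.http4s" %% "http4s-circe"        % "1.0.0-M44",
  "org.typelevel" %% "cats-effect"      % "3.5.4"
)
'''

if __name__ == "__main__":
    for artifact, version, affected in audit_sbt(SAMPLE_BUILD_SBT):
        status = {True: "AFFECTED", False: "fixed", None: "review manually"}[affected]
        print(f"{artifact} {version}: {status}")
```

A result of None means the version string was not a plain release or 1.0.0 milestone and should be checked by hand.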

Exploit

Fix

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

CVE-2025-59822
GHSA-WCWH-7GFW-5WRR

Affected Products

Http4S