CVE-2025-12642

Name of the Vulnerable Software and Affected Versions lighttpd version 1.4.80

Description The software improperly merges trailer fields into headers following HTTP request parsing, which can be leveraged to carry out HTTP Header Smuggling attacks. Successful exploitation could allow an attacker to bypass access control rules and inject unsafe input into backend logic that relies on request headers. It may also enable the execution of HTTP Request Smuggling attacks under certain circumstances.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.