CVE-2025-32094

MEDIUM

Akamai Ghost < 2025-03-26 - HTTP Request Smuggling via Obsolete Line Folding

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-32094. PoCs published by perplext.

AI-analyzed exploit summary: This repository contains defensive security tools for detecting HTTP/1 request smuggling (desync) vulnerabilities, inspired by James Kettle's research. It includes a Go-based testing tool and Nuclei templates to identify parser discrepancies in HTTP/1.1 implementations.

Description

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body.

Exploits (1)

nomisec SCANNER 3 stars
by perplext · poc
https://github.com/perplext/echteeteepee


Classification: Scanner 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: HTTP/1.1 servers and proxies
No auth needed
Prerequisites: Access to target HTTP/1.1 server or proxy · Persistent HTTP/1.1 connection
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 4.0
EPSS 0.0052
EPSS Percentile 39.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-444
Status published
Products (1)
Akamai/AkamaiGhost < 2025-03-26
Published Aug 07, 2025
Tracked Since Feb 18, 2026