CVE-2025-32997

MEDIUM

http-proxy-middleware < 2.0.9 and 3.x < 3.0.5 - Request Body Processing After Parser Failure

Title source: llm

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

Core 4

Core References

Patch

Issue Tracking

Release Notes

Release Notes

CVSS v3 4.0

EPSS 0.0039

EPSS Percentile 30.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-754

Status published

Products (2)

chimurai/http-proxy-middleware < 2.0.9

npm/http-proxy-middleware 1.3.0 - 2.0.9npm

Published Apr 15, 2025

Tracked Since Feb 18, 2026