CVE-2025-32997
MEDIUMChimurai Http-proxy-middleware < 2.0.9 - Improper Condition Check
Title source: ruleDescription
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
Scores
CVSS v3
4.0
EPSS
0.0008
EPSS Percentile
23.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-754
Status
published
Products (2)
chimurai/http-proxy-middleware
< 2.0.9
npm/http-proxy-middleware
1.3.0 - 2.0.9npm
Published
Apr 15, 2025
Tracked Since
Feb 18, 2026