{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T15:06:25.827","vulnerabilities":[{"cve":{"id":"CVE-2025-47905","sourceIdentifier":"cve@mitre.org","published":"2025-05-13T22:15:24.990","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries."},{"lang":"es","value":"Varnish Cache anterior a 7.6.3 y 7.7 anterior a 7.7.1, y Varnish Enterprise anterior a 6.0.13r14, permiten la desincronización del lado del cliente a través de solicitudes HTTP/1, porque el producto permite incorrectamente que se omita CRLF para delimitar los límites de los fragmentos."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.7}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://varnish-cache.org/security/VSV00016.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2025/05/15/2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00040.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}