{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T23:07:20.436","vulnerabilities":[{"cve":{"id":"CVE-2025-6442","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2025-06-25T17:15:40.117","lastModified":"2025-08-18T15:49:38.773","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.\n\nThe specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876."},{"lang":"es","value":"Vulnerabilidad de contrabando de solicitudes HTTP en Ruby WEBrick read_header. Esta vulnerabilidad permite a atacantes remotos contrabandear solicitudes HTTP arbitrarias en las instalaciones afectadas de Ruby WEBrick. Este problema se puede explotar cuando el producto se implementa tras un proxy HTTP que cumple condiciones específicas. La falla específica se encuentra en el método read_headers. El problema se debe al análisis inconsistente de los terminadores de las cabeceras HTTP. Un atacante puede aprovechar esta vulnerabilidad para contrabandear solicitudes HTTP arbitrarias. Anteriormente, se denominó ZDI-CAN-21876."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:webrick:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.8.2","matchCriteriaId":"334FEC52-418A-49FC-A5C1-0FCAD123DD60"}]}]}],"references":[{"url":"https://github.com/ruby/webrick/commit/ee60354bcb84ec33b9245e1d1aa6e1f7e8132101#diff-ad02984d873efb089aa51551bc6b7d307a53e0ba1ac439e91d69c2e58a478864","source":"zdi-disclosures@trendmicro.com","tags":["Patch"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-414/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}}]}