CVE-2025-30346

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-30346
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://varnish-cache.org/security/VSV00015.html Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/03/msg00027.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r8:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r9:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r8:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r9:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-03-21 07:15

Updated : 2025-04-02 22:15

NVD link : CVE-2025-30346

Mitre link : CVE-2025-30346

CVE.ORG link : CVE-2025-30346

JSON object : View

Products Affected

varnish-software

  • varnish_enterprise

varnish_cache_project

  • varnish_cache
CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')