CVE-2025-58056: Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
(updated )
A flaw in netty’s parsing of chunk extensions in HTTP/1.1 messages with chunked encoding can lead to request smuggling issues with some reverse proxies.
References
- github.com/JLLeitschuh/unCVEed/issues/1
- github.com/advisories/GHSA-fghv-69vj-qj49
- github.com/github/advisory-database/pull/6092
- github.com/netty/netty
- github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284
- github.com/netty/netty/issues/15522
- github.com/netty/netty/pull/15611
- github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49
- nvd.nist.gov/vuln/detail/CVE-2025-58056
- w4ke.info/2025/06/18/funky-chunks.html
Code Behaviors & Features
Detect and mitigate CVE-2025-58056 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →