CVE-2025-32997: http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed
(updated )
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
References
- github.com/advisories/GHSA-9gqv-wp59-fq42
- github.com/chimurai/http-proxy-middleware
- github.com/chimurai/http-proxy-middleware/commit/1bdccbeec243850f1d2bb50ea0ff2151e725d67e
- github.com/chimurai/http-proxy-middleware/pull/1096
- github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9
- github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.5
- nvd.nist.gov/vuln/detail/CVE-2025-32997
Code Behaviors & Features
Detect and mitigate CVE-2025-32997 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →