VDB
CVE-2025-32442
CVE-2025-32442
PUBLISHED
CVSS 7.5 HIGH
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
EPSS 0.07% · 21.3th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.07%
21.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fastify | fastify | >= 5.0.0, < 5.3.2, = 4.29.0, 5.0.0 |
| npm | fastify | 4.29.0, 5.0.0, 4.29.0 |
Exploit Intelligence
- https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc (nist-nvd)
- CIRCL seen: CVE-2025-32442 (circl-sighting)
- https://github.com/fastify/fastify/commit/436da4c06dfbbb8c24adee3a64de0c51e4f47418 (circl)
- https://github.com/fastify/fastify/commit/f3d2bcb3963cd570a582e5d39aab01a9ae692fe4 (circl)
- https://hackerone.com/reports/3087928 (osv)
- setup.py (github-poc)
- setup.py (github-poc)
- setup.py (github-poc)
- setup.py (github-poc)
- setup.py (github-poc)
…and 9 more exploits
Timeline
- Jan 21, 1970 Security Advisory
- Apr 18, 2025 CVE Published
- Apr 18, 2025 PoC Published
- Apr 19, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 9, 2025 Coalition ESS Score
- May 14, 2025 EPSS Score
- May 26, 2025 EPSS Score
- May 29, 2025 CVE Updated
- Jun 7, 2025 EPSS Score
- Jun 19, 2025 EPSS Score
- Jul 2, 2025 EPSS Score
References
- https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc url
- https://github.com/fastify/fastify/commit/436da4c06dfbbb8c24adee3a64de0c51e4f47418 url
- https://github.com/fastify/fastify/commit/f3d2bcb3963cd570a582e5d39aab01a9ae692fe4 url
- https://hackerone.com/reports/3087928 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-32442 advisory
- https://github.com/fastify/fastify package