VDB
CVE-2025-47905
CVE-2025-47905
PUBLISHED
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
EPSS 0.29% · 52.8th percentile
Risk Scores
EPSS Score
0.29%
52.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | varnish | 7.0.0, 0 |
| Bitnami | varnish | 7.0.0, 0 |
Timeline
- May 12, 2025 CVE Published
- May 14, 2025 EPSS Score
- May 14, 2025 PoC Published
- May 15, 2025 PoC Published
- May 25, 2025 EPSS Score
- Jun 6, 2025 EPSS Score
- Jun 17, 2025 EPSS Score
- Jun 20, 2025 Coalition ESS Score
- Jun 29, 2025 EPSS Score
- Jul 10, 2025 EPSS Score
- Jul 21, 2025 EPSS Score
- Jul 31, 2025 CVE Updated