{"api_version":"1","generated_at":"2026-04-21T08:58:31+00:00","cve":"CVE-2023-25725","urls":{"html":"https://cve.report/CVE-2023-25725","api":"https://cve.report/api/cve/CVE-2023-25725.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-25725","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-25725"},"summary":{"title":"CVE-2023-25725","description":"HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-02-14 19:15:00","updated_at":"2023-11-07 04:09:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=a0e561ad7f29ed50c473f5a9da664267b60d1112","name":"https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=a0e561ad7f29ed50c473f5a9da664267b60d1112","refsource":"CONFIRM","tags":[],"title":"Repositories - haproxy-2.7.git/commit","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/","name":"FEDORA-2023-7e04833463","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: haproxy-2.4.22-2.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/","name":"FEDORA-2023-7e04833463","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: haproxy-2.4.22-2.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html","name":"[debian-lts-announce] 20230214 [SECURITY] [DLA 3318-1] haproxy security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3318-1] haproxy security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/","name":"FEDORA-2023-3e8a21cd5b","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: haproxy-2.6.9-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2023/dsa-5348","name":"DSA-5348","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5348-1 haproxy","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112","name":"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112","refsource":"","tags":[],"title":"Repositories","mime":"text/xml","httpstatus":"404","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/","name":"FEDORA-2023-3e8a21cd5b","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: haproxy-2.6.9-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.haproxy.org/","name":"https://www.haproxy.org/","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-25725","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25725","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"25725","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25725","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25725","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haproxy","cpe5":"haproxy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-25725","qid":"160544","title":"Oracle Enterprise Linux Security Update for haproxy (ELSA-2023-1696)"},{"cve":"CVE-2023-25725","qid":"181558","title":"Debian Security Update for haproxy (DLA 3318-1)"},{"cve":"CVE-2023-25725","qid":"181560","title":"Debian Security Update for haproxy (DSA 5348-1)"},{"cve":"CVE-2023-25725","qid":"183481","title":"Debian Security Update for haproxy (CVE-2023-25725)"},{"cve":"CVE-2023-25725","qid":"199173","title":"Ubuntu Security Notification for HAProxy Vulnerability (USN-5869-1)"},{"cve":"CVE-2023-25725","qid":"241280","title":"Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:1268)"},{"cve":"CVE-2023-25725","qid":"241339","title":"Red Hat Update for haproxy (RHSA-2023:1696)"},{"cve":"CVE-2023-25725","qid":"241387","title":"Red Hat Update for haproxy (RHSA-2023:1978)"},{"cve":"CVE-2023-25725","qid":"241546","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:1325)"},{"cve":"CVE-2023-25725","qid":"283747","title":"Fedora Security Update for haproxy (FEDORA-2023-7e04833463)"},{"cve":"CVE-2023-25725","qid":"283748","title":"Fedora Security Update for haproxy (FEDORA-2023-3e8a21cd5b)"},{"cve":"CVE-2023-25725","qid":"356216","title":"Amazon Linux Security Advisory for haproxy2 : ALASHAPROXY2-2023-003"},{"cve":"CVE-2023-25725","qid":"672964","title":"EulerOS Security Update for haproxy (EulerOS-SA-2023-1845)"},{"cve":"CVE-2023-25725","qid":"672990","title":"EulerOS Security Update for haproxy (EulerOS-SA-2023-1870)"},{"cve":"CVE-2023-25725","qid":"673015","title":"EulerOS Security Update for haproxy (EulerOS-SA-2023-1954)"},{"cve":"CVE-2023-25725","qid":"673020","title":"EulerOS Security Update for haproxy (EulerOS-SA-2023-1976)"},{"cve":"CVE-2023-25725","qid":"673122","title":"EulerOS Security Update for haproxy (EulerOS-SA-2023-2269)"},{"cve":"CVE-2023-25725","qid":"673164","title":"EulerOS Security Update for haproxy (EulerOS-SA-2023-2293)"},{"cve":"CVE-2023-25725","qid":"753686","title":"SUSE Enterprise Linux Security Update for haproxy (SUSE-SU-2023:0411-1)"},{"cve":"CVE-2023-25725","qid":"753687","title":"SUSE Enterprise Linux Security Update for haproxy (SUSE-SU-2023:0412-1)"},{"cve":"CVE-2023-25725","qid":"753693","title":"SUSE Enterprise Linux Security Update for haproxy (SUSE-SU-2023:0413-1)"},{"cve":"CVE-2023-25725","qid":"770180","title":"Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:1268)"},{"cve":"CVE-2023-25725","qid":"770186","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:1325)"},{"cve":"CVE-2023-25725","qid":"905554","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for haproxy (13575)"},{"cve":"CVE-2023-25725","qid":"905569","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for haproxy (13569)"},{"cve":"CVE-2023-25725","qid":"905679","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for haproxy (13569-1)"},{"cve":"CVE-2023-25725","qid":"906683","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for haproxy (13569-3)"},{"cve":"CVE-2023-25725","qid":"907018","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for haproxy (13575-1)"},{"cve":"CVE-2023-25725","qid":"940990","title":"AlmaLinux Security Update for haproxy (ALSA-2023:1696)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-25725","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.haproxy.org/","refsource":"MISC","name":"https://www.haproxy.org/"},{"refsource":"CONFIRM","name":"https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=a0e561ad7f29ed50c473f5a9da664267b60d1112","url":"https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=a0e561ad7f29ed50c473f5a9da664267b60d1112"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230214 [SECURITY] [DLA 3318-1] haproxy security update","url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html"},{"refsource":"DEBIAN","name":"DSA-5348","url":"https://www.debian.org/security/2023/dsa-5348"},{"refsource":"FEDORA","name":"FEDORA-2023-7e04833463","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/"},{"refsource":"FEDORA","name":"FEDORA-2023-3e8a21cd5b","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/"}]}},"nvd":{"publishedDate":"2023-02-14 19:15:00","lastModifiedDate":"2023-11-07 04:09:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.2}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.7.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.0","versionEndExcluding":"2.6.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"2.5.12","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.4.22","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.1.0","versionEndExcluding":"2.2.29","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.31","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}