
Cloud Vulnerability DB
A community-led vulnerabilities database
Fastify, a fast and low overhead web framework for Node.js, disclosed a vulnerability (CVE-2025-32442) affecting versions 5.0.0 to 5.3.0. In applications that specify different validation strategies for different content types, validation can be bypassed by sending a slightly altered content type, for example one with different casing or altered whitespace before the ';'. The issue was initially patched in v5.3.1, but that fix was incomplete, and a full patch was later released in v5.3.2 (GitHub Advisory).
The vulnerability stems from improper content-type parsing in the validation mechanism. When applications use content-type specific schema validation, attackers could bypass the validation controls by manipulating the content-type header through case modifications or whitespace alterations. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, and no required privileges or user interaction (GitHub Advisory, NVD).
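
The failure mode described above, as an added example: this is a simplified model written for this page, not Fastify's source code. The `validators` map, the function names and the sample headers are all constructed, and rejecting requests that have no registered validator is a design choice of the example.

```javascript
// Simplified model of content-type specific body validation (not Fastify source).
// Hypothetical route config: a validator registered only for 'application/json'.
const validators = new Map([
  ['application/json', (body) =>
    typeof body === 'object' && body !== null && typeof body.name === 'string'],
]);

// Flawed lookup: the raw header value is the key. A variant that does not match
// the registered key byte for byte finds no validator, and the body passes unchecked.
function validateNaive(contentTypeHeader, body) {
  const validator = validators.get(contentTypeHeader);
  return validator ? validator(body) : true; // fail-open
}

// Reduce a Content-Type header to its media type: drop parameters, trim, lowercase.
function normalizeContentType(header) {
  if (typeof header !== 'string') return '';
  return header.split(';')[0].trim().toLowerCase();
}

// Hardened lookup: normalize before matching, reject when nothing is registered.
function validateStrict(contentTypeHeader, body) {
  const validator = validators.get(normalizeContentType(contentTypeHeader));
  return validator ? validator(body) : false; // fail-closed
}

// Constructed sample headers: canonical form, altered casing, whitespace before ';'.
const sampleHeaders = [
  'application/json',
  'Application/JSON',
  'application/json ; charset=utf-8',
];
const invalidBody = { name: 42 }; // violates the schema: name must be a string

// For each header, report whether the invalid body is accepted by each lookup.
function compare() {
  return sampleHeaders.map((header) => ({
    header,
    naiveAccepts: validateNaive(header, invalidBody),
    strictAccepts: validateStrict(header, invalidBody),
  }));
}

console.table(compare());
```

Only the byte-exact header is rejected by the naive lookup; the normalized lookup rejects the invalid body for all three headers.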
The vulnerability primarily affects data integrity, as indicated by the CVSS metrics showing high impact on integrity but no impact on confidentiality or availability. Applications using content-type specific validation schemas could be exposed to malicious data that would normally be rejected by the validation rules, potentially leading to unexpected application behavior or security issues (GitHub Advisory).
A complete fix has been released in Fastify version 5.3.2. For users unable to update immediately, a workaround involves not specifying individual content types in the schema. Instead of using content-type specific validation, users should implement a single schema validation approach (GitHub Advisory, NVD).
Source: This report was generated using AI