
RUSTSEC-2025-0037
Rust vulnerability analysis and mitigation

Overview

A request smuggling vulnerability (CVE-2025-4366/RUSTSEC-2025-0037) was discovered in the Pingora OSS framework on April 11, 2025. The vulnerability affected customers using Cloudflare's CDN free tier and users of the caching functionality provided in the open source pingora-proxy and pingora-cache crates. Cloudflare successfully mitigated the vulnerability by April 12, 2025, within 22 hours of notification (Cloudflare Blog).

Technical details

The vulnerability stemmed from an HTTP/1.1 parsing bug when caching was enabled in Pingora. Specifically, on cache hits, the logic that properly consumes the downstream request body, or declines connection reuse when it cannot, was inadvertently skipped. Any unread request body therefore stayed on the HTTP/1.1 connection and was parsed as the start of the next request on that connection, acting as a vector for request smuggling: a body formed into a valid but incomplete header could 'poison' the subsequent request (Cloudflare Blog).
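To make the failure mode concrete, the following is an added toy simulation (not Pingora's code) of an HTTP/1.1 keep-alive connection: a minimal request-head parser, a constructed byte stream in which a cached request carries a body shaped like an incomplete request head, and a flag that models whether the body is drained on a cache hit. With the bug, the leftover body becomes the next request and the client's real next request is swallowed into its headers; with the body drained, the real request is seen.

```rust
// Added example (not Pingora's own code): toy HTTP/1.1 keep-alive parsing that
// shows how an unread request body becomes the prefix of the next request.

/// Request target and declared Content-Length from one parsed request head.
struct Req { target: String, content_length: usize, header_end: usize }

/// Parse one request head from `buf`; None if no complete head is present.
fn parse_head(buf: &[u8]) -> Option<Req> {
    let text = std::str::from_utf8(buf).ok()?;
    let end = text.find("\r\n\r\n")?;
    let mut lines = text[..end].split("\r\n");
    let target = lines.next()?.split(' ').nth(1)?.to_string();
    let content_length: usize = lines
        .filter_map(|l| l.split_once(':'))
        .find(|(k, _)| k.eq_ignore_ascii_case("content-length"))
        .and_then(|(_, v)| v.trim().parse().ok())
        .unwrap_or(0);
    Some(Req { target, content_length, header_end: end + 4 })
}

/// Serve every request on one keep-alive connection and return the targets seen.
/// `drain_on_cache_hit == false` models the bug: on a cache hit the body is never
/// consumed, so its bytes are parsed as the following request.
pub fn serve_connection(mut conn: &[u8], drain_on_cache_hit: bool) -> Vec<String> {
    let mut seen = Vec::new();
    while let Some(req) = parse_head(conn) {
        seen.push(req.target.clone());
        conn = &conn[req.header_end..];
        let cache_hit = true; // constructed assumption: every request is a cache hit
        if cache_hit && !drain_on_cache_hit {
            continue; // bug: body bytes stay on the connection and are parsed next
        }
        // Correct behaviour: consume the declared body (or close the connection)
        // before the connection is reused for the next request.
        let n = req.content_length.min(conn.len());
        conn = &conn[n..];
    }
    seen
}

/// Constructed sample stream: a cached GET whose 36-byte body is a valid but
/// incomplete request head, followed by the client's next legitimate request.
pub const SAMPLE: &[u8] = b"GET /cached.js HTTP/1.1\r\nHost: example.test\r\nContent-Length: 36\r\n\r\n\
GET /smuggled HTTP/1.1\r\nX-Foo: bar\r\n\
GET /next HTTP/1.1\r\nHost: example.test\r\n\r\n";

fn main() {
    println!("buggy:  {:?}", serve_connection(SAMPLE, false)); // ["/cached.js", "/smuggled"]
    println!("fixed:  {:?}", serve_connection(SAMPLE, true));  // ["/cached.js", "/next"]
}
```

In the buggy run the victim's `GET /next` line is absorbed as a header of the smuggled request, which is exactly how an attacker-controlled body could rewrite the target and headers of the following request on a shared connection.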

Impact

The vulnerability enabled attackers to modify request headers and URLs sent to customer origins. Additionally, attackers could potentially cause visitors to Cloudflare sites to make subsequent requests to malicious origins and observe which site URLs the visitors were originally attempting to access. Some origin servers were particularly vulnerable to this secondary attack effect through 301 redirects that could expose visitor traffic patterns (Cloudflare Blog).

Mitigation and workarounds

Cloudflare immediately disabled CDN traffic to the vulnerable component on April 12, 2025, and subsequently released a fix. Users of the Pingora framework are strongly urged to upgrade to version 0.5.0 or later. For Cloudflare CDN free tier customers, no action is required, as the patch has been applied automatically. Additionally, Cloudflare invalidated any assets cached on the component's backend to prevent possible cache poisoning from injected headers (Cloudflare Blog).

Community reactions

The vulnerability was responsibly disclosed by security researchers James Kettle and Wannes Verwimp through Cloudflare's Bug Bounty Program. Cloudflare acknowledged their contribution and emphasized its commitment to security and swift response to such vulnerabilities (Cloudflare Blog).

This report was generated using AI.
