CVE-2025-11915 is a vulnerability classified under CWE-444, relating to inconsistent interpretation of HTTP requests, commonly known as HTTP request/response smuggling. This issue arises from connection desynchronization between an HTTP proxy and the backend model service in Google Cloud Vertex AI's Partner Models for MaaS (Model as a Service). HTTP request smuggling exploits differences in how front-end proxies and backend servers parse and handle HTTP requests, allowing an attacker to craft malicious requests that can bypass security controls, poison caches, hijack user sessions, or cause denial of service. In this case, the desynchronization can lead to partial compromise of confidentiality and availability, as indicated by the CVSS vector (VC:L, VI:N, VA:L). The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk profile. Google has proactively rolled out fixes for all proxies in front of impacted models by September 28, 2025, mitigating the threat. No public exploits have been reported, and users are not required to take action, suggesting the fix is fully managed by Google Cloud. The vulnerability affects version '0' of the product, which likely indicates initial or default versions of the Partner Models for MaaS service. The CVSS score of 6.9 (medium severity) reflects the moderate impact and ease of exploitation. This vulnerability highlights the risks inherent in complex cloud service architectures where multiple HTTP parsing components interact.

For European organizations leveraging Google Cloud Vertex AI Partner Models, this vulnerability could lead to unauthorized manipulation of HTTP traffic between proxies and backend AI models. Potential impacts include partial leakage of sensitive data processed by AI models, injection of malicious requests causing service disruption, and possible bypass of security controls relying on HTTP traffic inspection. Given the AI models may process sensitive or proprietary data, confidentiality impacts are significant. Availability impacts could manifest as degraded or interrupted AI service functionality, affecting business operations reliant on these models. The vulnerability's remote exploitability without authentication increases risk, especially for organizations with public-facing AI services or integrated APIs. However, since Google has already deployed fixes, the immediate risk is mitigated if organizations use up-to-date cloud services. Organizations that have custom proxy configurations or delay updates may remain vulnerable. The medium severity suggests that while the threat is serious, it is not critical, but still warrants attention to prevent potential data breaches or service interruptions.

1. Verify that all Google Cloud Vertex AI Partner Models for MaaS services are running the latest patched versions, ensuring the fixes deployed by Google are active. 2. Review and update any custom HTTP proxy configurations or third-party proxies in front of AI model endpoints to ensure they correctly handle HTTP request parsing and do not introduce desynchronization. 3. Implement strict HTTP request validation and normalization at the proxy level to detect and block malformed or suspicious requests indicative of smuggling attempts. 4. Monitor HTTP traffic logs for anomalies such as unexpected request sequences, unusual header patterns, or inconsistent content lengths that may signal exploitation attempts. 5. Employ Web Application Firewalls (WAFs) with updated rulesets capable of detecting HTTP request smuggling techniques. 6. Conduct regular security assessments and penetration testing focusing on HTTP proxy and backend interactions within AI service architectures. 7. Educate DevOps and security teams about HTTP request smuggling risks and mitigation best practices specific to cloud AI services. 8. Coordinate with Google Cloud support to confirm that all relevant patches and mitigations are applied and to receive updates on any emerging threats related to this vulnerability.