
CVE-2025-47905: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in varnish-software Varnish Cache

Severity: Medium
Published: Tue May 13 2025 (05/13/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: varnish-software
Product: Varnish Cache

Description

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.

AI-Powered Analysis

Last updated: 07/11/2025, 10:01:50 UTC

Technical Analysis

CVE-2025-47905 is a medium-severity vulnerability classified under CWE-444 (HTTP Request/Response Smuggling). It affects Varnish Cache versions prior to 7.6.3, the 7.7 branch before 7.7.1, and Varnish Enterprise versions before 6.0.13r14.

The flaw lies in the handling of HTTP/1 requests that use chunked transfer encoding: the product incorrectly allows the CRLF (Carriage Return Line Feed) sequence that delimits chunk boundaries to be skipped. A parser that tolerates the missing CRLF and a parser that requires it will disagree on where one HTTP message ends and the next begins, so an attacker can craft requests that the server and downstream components (such as proxies or caches) interpret inconsistently. This client-side desynchronization can lead to request smuggling, allowing attackers to bypass security controls, poison caches, hijack user sessions, or perform cross-user attacks by injecting malicious payloads into subsequent requests.

The vulnerability requires neither authentication nor user interaction, but its attack complexity is high because the requests must be crafted precisely. The CVSS 3.1 base score is 5.4 (medium): network attack vector, high attack complexity, no privileges required, no user interaction, a scope change, limited confidentiality and integrity impact, and no availability impact. No exploits in the wild have been reported, and no official patch links are present in the provided data; remediation may require upgrading to the fixed versions 7.6.3 or 7.7.1 for Varnish Cache and 6.0.13r14 for Varnish Enterprise.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for those relying on Varnish Cache as a reverse proxy or caching layer to accelerate web content delivery. Successful exploitation could allow attackers to bypass security controls, poison caches with malicious content, or hijack user sessions, potentially leading to unauthorized data disclosure or integrity violations. This could affect confidentiality of sensitive user data, degrade trust in web services, and cause reputational damage. While availability is not directly impacted, the indirect effects such as cache poisoning could disrupt normal service behavior. Organizations in sectors such as finance, e-commerce, government, and critical infrastructure that depend on Varnish Cache for performance and security could be targeted to gain footholds or escalate attacks. Given the medium severity and absence of known exploits, the immediate risk is moderate but warrants proactive mitigation to prevent exploitation as threat actors may develop exploits over time.

Mitigation Recommendations

European organizations should prioritize upgrading Varnish Cache and Varnish Enterprise to the fixed versions 7.6.3, 7.7.1, or 6.0.13r14 as soon as they become available. Until patches are applied, organizations should implement strict input validation and HTTP request normalization at upstream proxies or web application firewalls (WAFs) to detect and block malformed chunked requests that deviate from HTTP standards. Monitoring HTTP traffic for anomalies indicative of request smuggling attempts, such as inconsistent Content-Length and Transfer-Encoding headers, is recommended. Additionally, segregating critical backend services and limiting exposure of Varnish Cache instances to untrusted networks can reduce attack surface. Security teams should also review cache configuration to minimize risk of cache poisoning and ensure logging is enabled to detect suspicious request patterns. Finally, maintaining awareness of vendor advisories and threat intelligence updates will help organizations respond promptly to emerging exploits.
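The mitigation above recommends strict validation of chunked requests at an upstream proxy or WAF until the upgrade is in place. The following is an added example (not Varnish code and not from this advisory) of a strict RFC 9112 chunked-body decoder that rejects any chunk whose data is not followed by CRLF, the exact boundary this CVE concerns. The optional lenient mode is a simplified, assumed model of a tolerant parser, included only to show how the two readings of the same bytes differ; it is not a model of Varnish's implementation. The sample bodies are constructed, not captured traffic.

```python
import re

# RFC 9112 chunked body grammar:
#   chunk      = chunk-size [ chunk-ext ] CRLF chunk-data CRLF
#   last-chunk = 1*("0") [ chunk-ext ] CRLF
#   trailer-section then an empty line (CRLF) ends the body.
CRLF = b"\r\n"
_HEX = re.compile(rb"[0-9A-Fa-f]{1,16}")  # chunk-size: hex digits, bounded length


class ChunkedError(ValueError):
    """Raised when the body does not follow the RFC 9112 chunked grammar."""


def decode_chunked(body: bytes, strict: bool = True):
    """Decode a chunked HTTP/1 message body.

    Returns (payload, bytes_consumed). With strict=True every chunk's data must
    be followed by CRLF. strict=False is an assumed, simplified model of a
    tolerant parser that lets that CRLF be absent; it exists only to show that
    such a parser accepts input a strict one rejects.
    """
    pos = 0
    payload = bytearray()
    while True:
        # chunk-size [;chunk-ext] CRLF
        eol = body.find(CRLF, pos)
        if eol == -1:
            raise ChunkedError(f"offset {pos}: chunk-size line not terminated by CRLF")
        size_field = body[pos:eol].split(b";", 1)[0]
        if not _HEX.fullmatch(size_field):
            raise ChunkedError(f"offset {pos}: bad chunk-size {size_field!r}")
        size = int(size_field, 16)
        pos = eol + 2

        if size == 0:
            # last-chunk, then optional trailer fields, then an empty line.
            # Searching from pos-2 covers the no-trailer case ("0\r\n\r\n").
            end = body.find(CRLF + CRLF, pos - 2)
            if end == -1:
                raise ChunkedError(f"offset {pos}: missing final CRLF after last-chunk")
            return bytes(payload), end + 4

        data = body[pos:pos + size]
        if len(data) < size:
            raise ChunkedError(
                f"offset {pos}: chunk data truncated ({len(data)} of {size} bytes)")
        payload += data
        pos += size

        # The boundary this CVE is about: chunk-data MUST be followed by CRLF.
        if body[pos:pos + 2] == CRLF:
            pos += 2
        elif strict:
            raise ChunkedError(f"offset {pos}: chunk data not followed by CRLF")
        # lenient model: whatever follows is read as the next chunk-size line


def validate_chunked(body: bytes):
    """WAF/normalizer-style check: (True, '') if strictly well-formed, else (False, reason)."""
    try:
        decode_chunked(body, strict=True)
        return True, ""
    except ChunkedError as exc:
        return False, str(exc)


# Constructed sample bodies (not captured traffic).
GOOD_BODY = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"
# Same chunks, but the CRLF after the first chunk's data is absent.
MISSING_CRLF_BODY = b"4\r\nWiki5\r\npedia\r\n0\r\n\r\n"

if __name__ == "__main__":
    print(decode_chunked(GOOD_BODY))                      # (b'Wikipedia', 24)
    print(validate_chunked(MISSING_CRLF_BODY))            # (False, 'offset 7: ...')
    print(decode_chunked(MISSING_CRLF_BODY, strict=False))  # (b'Wikipedia', 22)
```

The point to take from running it: the strict decoder refuses MISSING_CRLF_BODY at offset 7, while the lenient model quietly accepts it and reports a byte count of its own. Two hops in the same request path applying those two readings is the inconsistency CWE-444 describes, so a front-end normalizer should reject (or re-encode) any chunked body that fails the strict check rather than forwarding it.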


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-05-13T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fa1484d88663aec434

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/11/2025, 10:01:50 AM

Last updated: 8/17/2025, 10:18:11 AM

