
CVE-2025-54142: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Akamai AkamaiGhost

Medium
Tags: Vulnerability, CVE-2025-54142, CWE-444
Published: Fri Aug 29 2025 (08/29/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: Akamai
Product: AkamaiGhost

Description

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards.

AI-Powered Analysis

AI analysis last updated: 08/29/2025, 01:17:40 UTC

Technical Analysis

CVE-2025-54142 is classified under CWE-444 (inconsistent interpretation of HTTP requests, better known as HTTP request smuggling) and affects Akamai's AkamaiGhost in versions before 2025-07-21. The defect is a disagreement between the Akamai proxy server and the origin server about where one request ends and the next begins on the persistent connection they share, triggered when an OPTIONS request carries an entity body. According to HTTP standards an OPTIONS request does not normally carry a body, so the proxy does not expect one, but some origin servers accept and process it anyway.

When the proxy and the origin frame the same bytes differently, data the proxy treated as the body of the OPTIONS request can be read by the origin as the beginning of a further request on the same connection. An attacker who controls that body can therefore influence how subsequent requests are parsed and processed, with the usual consequences of request smuggling: bypassing security controls enforced at the proxy, poisoning caches, or causing unauthorized actions at the origin.

The vulnerability requires no authentication and no user interaction, but its attack complexity is rated high because exploitation depends on the origin server's non-standard behavior. The CVSS v3.1 score is 4.0 (medium severity), reflecting no impact on confidentiality or availability and a limited impact on integrity. No exploits in the wild have been reported, and no patch references are linked yet, so mitigation may rely on configuration changes or on awaiting an official fix.

Potential Impact

For European organizations, especially those utilizing Akamai's AkamaiGhost as part of their content delivery or web application firewall infrastructure, this vulnerability could allow attackers to perform HTTP request smuggling attacks that undermine the integrity of web traffic. Potential impacts include unauthorized modification of HTTP requests, cache poisoning leading to delivery of malicious content, or bypassing security controls such as WAF rules or authentication mechanisms. This could result in targeted attacks against sensitive web applications, data manipulation, or indirect facilitation of further exploits. Given Akamai's widespread use among European enterprises, including financial institutions, e-commerce, and government services, the risk is notable. However, the medium severity and high attack complexity somewhat limit immediate widespread exploitation. Still, attackers targeting high-value European assets could leverage this vulnerability to gain footholds or disrupt services.

Mitigation Recommendations

European organizations should immediately audit their use of AkamaiGhost proxies and verify the version in use, ensuring upgrades to versions released after 2025-07-21 once available. In the interim, organizations can mitigate risk by configuring origin servers to strictly adhere to HTTP standards, specifically rejecting or not processing OPTIONS requests with entity bodies. Additionally, implementing strict HTTP request validation and normalization at the proxy and origin server layers can reduce the risk of request smuggling. Monitoring HTTP traffic for anomalous OPTIONS requests with bodies and unusual request patterns can aid in early detection. Network segmentation and limiting persistent connections between proxies and origin servers may also reduce attack surface. Finally, organizations should stay alert for official patches from Akamai and apply them promptly.
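The origin-side control recommended above (refuse OPTIONS requests that carry an entity body, and refuse any request whose message framing is ambiguous) can be expressed as a small validation step in front of the origin's request handling. The following Python module is an added example written for this page; it is not Akamai code and not part of the advisory. It parses only the request head, never the body, so a rejecting origin can close the connection without interpreting whatever follows the blank line. The request samples are constructed for illustration, and the `Verdict` type and function names are this example's own.

```python
from __future__ import annotations

from dataclasses import dataclass

CRLF = b"\r\n"


@dataclass(frozen=True)
class Verdict:
    """Result of validating one request head (example type, not a library API)."""
    accept: bool
    reason: str


def _parse_head(raw: bytes) -> tuple[str, list[tuple[str, str]]]:
    """Return (method, headers) from the head of an HTTP/1.x request.

    Only the request line and header block are parsed; the body is never
    consumed, so nothing after the blank line is interpreted here.
    """
    head, sep, _body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(CRLF)
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        raise ValueError("malformed request line")
    headers: list[tuple[str, str]] = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # Reject empty names, whitespace around the name, and folded lines.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers.append((name.decode("ascii").lower(), value.strip().decode("ascii")))
    return parts[0].decode("ascii"), headers


def validate_request(raw: bytes) -> Verdict:
    """Decide whether the origin should process this request.

    Rules, taken from the mitigation guidance:
      1. Framing must be unambiguous: at most one Content-Length header and
         never Content-Length together with Transfer-Encoding.
      2. An OPTIONS request must not carry an entity body, i.e. no
         Transfer-Encoding and no Content-Length other than 0.
    """
    try:
        method, headers = _parse_head(raw)
    except ValueError as exc:
        return Verdict(False, f"400 Bad Request: {exc}")

    content_lengths = [v for n, v in headers if n == "content-length"]
    transfer_encodings = [v for n, v in headers if n == "transfer-encoding"]

    if len(content_lengths) > 1 or (content_lengths and transfer_encodings):
        return Verdict(False, "400 Bad Request: ambiguous message framing")
    for v in content_lengths:
        if not v.isdigit():
            return Verdict(False, "400 Bad Request: invalid Content-Length")

    has_body = bool(transfer_encodings) or any(int(v) > 0 for v in content_lengths)
    if method == "OPTIONS" and has_body:
        return Verdict(False, "400 Bad Request: OPTIONS with entity body is not accepted")
    return Verdict(True, "ok")


# Constructed request samples (not captured traffic).
SAMPLE_REQUESTS: dict[str, bytes] = {
    "options_no_body": b"OPTIONS /api HTTP/1.1\r\nHost: origin.example\r\n\r\n",
    "options_cl_zero": b"OPTIONS /api HTTP/1.1\r\nHost: origin.example\r\nContent-Length: 0\r\n\r\n",
    "options_with_body": b"OPTIONS /api HTTP/1.1\r\nHost: origin.example\r\nContent-Length: 5\r\n\r\nhello",
    "options_chunked": b"OPTIONS /api HTTP/1.1\r\nHost: origin.example\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "dup_content_length": b"POST /api HTTP/1.1\r\nHost: origin.example\r\nContent-Length: 5\r\nContent-Length: 5\r\n\r\nhello",
    "post_plain": b"POST /api HTTP/1.1\r\nHost: origin.example\r\nContent-Length: 5\r\n\r\nhello",
}


def run_demo() -> dict[str, Verdict]:
    """Validate every sample and return the verdicts keyed by sample name."""
    return {name: validate_request(raw) for name, raw in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:20s} accept={verdict.accept!s:5s} {verdict.reason}")
```

A `Content-Length: 0` on an OPTIONS request is accepted, since it declares no body; `Transfer-Encoding: chunked` is rejected even when the chunked body is empty, because the origin cannot know that without reading past the head. The framing rule applies to every method, not only OPTIONS, which is the "strict request validation and normalization" the recommendations call for at the origin layer.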


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-07-17T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68b0fc3dad5a09ad0071fa7f

Added to database: 8/29/2025, 1:02:53 AM

Last enriched: 8/29/2025, 1:17:40 AM

Last updated: 8/29/2025, 4:05:39 AM
