
CVE-2025-66373: n/a

Published: Thu Dec 04 2025 (12/04/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain circumstances, Akamai Ghost erroneously forwards the invalid request and subsequent superfluous bytes to the origin server. An attacker could hide a smuggled request in these superfluous bytes. Whether this is exploitable depends on the origin server's behavior and how it processes the invalid request it receives from Akamai Ghost.

AI-Powered Analysis

Last updated: 12/04/2025, 17:12:12 UTC

Technical Analysis

CVE-2025-66373 is a vulnerability affecting Akamai Ghost, the software running on Akamai CDN edge servers prior to November 17, 2025. The flaw arises from incorrect processing of HTTP chunked transfer encoding in request bodies. When Akamai Ghost receives a chunked request where the declared chunk size does not match the actual size of the chunk data, it erroneously forwards the invalid request along with additional superfluous bytes to the origin server. This forwarding behavior can be exploited to perform HTTP request smuggling attacks, where an attacker crafts a malicious request hidden within the extra bytes forwarded by Akamai Ghost. HTTP request smuggling can lead to various attacks such as bypassing security controls, cache poisoning, cross-user data leakage, and web application firewall evasion. The actual exploitability depends on how the origin server interprets and processes the malformed requests forwarded by Akamai Ghost. Since Akamai CDN is widely used to accelerate and secure web traffic, this vulnerability could have broad implications. No patches or exploits are currently publicly available, and no CVSS score has been assigned yet. The vulnerability was reserved on November 28, 2025, and published on December 4, 2025.

Potential Impact

For European organizations, this vulnerability poses a significant risk due to Akamai's extensive CDN presence in Europe, where many enterprises and government agencies rely on Akamai for content delivery and security. If exploited, attackers could smuggle malicious HTTP requests past edge defenses, potentially leading to unauthorized access, data leakage, session hijacking, or manipulation of web application behavior. This could compromise confidentiality and integrity of sensitive data and disrupt availability through targeted attacks. Organizations with origin servers that do not properly validate or reject malformed chunked requests are particularly vulnerable. The impact is amplified for sectors with critical infrastructure or sensitive data, such as finance, healthcare, and government services. Additionally, the stealthy nature of HTTP request smuggling makes detection and mitigation challenging, increasing the risk of prolonged undetected exploitation.

Mitigation Recommendations

Organizations should monitor Akamai's official communications for patches or updates addressing this vulnerability and apply them promptly once available. In the interim, review and harden origin server configurations to ensure strict validation of chunked transfer encoding and reject malformed HTTP requests. Implement logging and monitoring to detect anomalies indicative of request smuggling attempts, such as unexpected request lengths or duplicated headers. Employ Web Application Firewalls (WAFs) with updated signatures capable of detecting HTTP request smuggling patterns. Conduct security assessments and penetration testing focused on HTTP request smuggling to identify and remediate weaknesses. Collaborate with Akamai support to understand any recommended configuration changes or temporary mitigations. Finally, educate security teams about the nature of HTTP request smuggling to improve incident response readiness.
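The strict origin-side validation recommended above can be sketched as follows. This is an added example, not code from Akamai or from any particular origin server; the names `decode_chunked`, `verdict` and `SAMPLES` are hypothetical, and it assumes the buffer holds exactly one complete request body on a connection without pipelining.

```python
import re

HEX = re.compile(rb"[0-9A-Fa-f]+")  # chunk-size is bare hex: no sign, "0x" or spaces

class ChunkedError(ValueError):
    """The body is malformed; reject the request and close the connection."""

def _line(buf, pos):
    end = buf.find(b"\r\n", pos)
    if end < 0:
        raise ChunkedError("line not terminated by CRLF")
    return buf[pos:end], end + 2

def decode_chunked(buf):
    """Return the decoded body of one complete chunked request body, or raise."""
    pos, out = 0, bytearray()
    while True:
        line, pos = _line(buf, pos)
        size_field = line.split(b";", 1)[0]      # ignore chunk extensions
        if not HEX.fullmatch(size_field):
            raise ChunkedError("invalid chunk size")
        size = int(size_field, 16)
        if size == 0:
            break                                 # last-chunk
        end = pos + size
        # Declared size must equal the actual data: exactly `size` bytes, then CRLF.
        if end + 2 > len(buf) or buf[end:end + 2] != b"\r\n":
            raise ChunkedError("chunk size does not match chunk data")
        out += buf[pos:end]
        pos = end + 2
    while True:                                   # trailer fields, then empty line
        line, pos = _line(buf, pos)
        if not line:
            break
        if b":" not in line:
            raise ChunkedError("malformed trailer field")
    if pos != len(buf):
        raise ChunkedError("superfluous bytes after chunked body")
    return bytes(out)

def verdict(buf):
    try:
        return "accept", decode_chunked(buf)
    except ChunkedError as exc:
        return "reject", str(exc)

# Constructed sample bodies (not captured traffic): valid, size mismatch, trailing bytes.
SAMPLES = [b"5\r\nhello\r\n0\r\n\r\n", b"3\r\nhello\r\n0\r\n\r\n",
           b"5\r\nhello\r\n0\r\n\r\nEXTRA"]
```

A rejected body should produce a 400 response and a closed connection, so that leftover bytes are never parsed as a second request.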


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-28T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6931bd5b6ade94f1c7900e34

Added to database: 12/4/2025, 4:56:59 PM

Last enriched: 12/4/2025, 5:12:12 PM

Last updated: 12/5/2025, 2:49:14 AM
