Skip to main content

Ktor CVE-2025-29904

MEDIUM
HTTP Request/Response Smuggling (CWE-444)
2025-03-12 cve@jetbrains.com
Information Disclosure Request Smuggling Ktor
5.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:31 vuln.today
CVE Published
Mar 12, 2025 - 13:15 nvd
MEDIUM 5.3

DescriptionNVD

In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible

AnalysisAI

In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as HTTP Request/Response Smuggling (CWE-444), which allows attackers to manipulate HTTP request interpretation between frontend and backend servers. In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible Affected products include: Jetbrains Ktor. Version information: before 3.1.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict HTTP parsing, normalize requests at proxy layer, use HTTP/2 end-to-end, reject ambiguous headers.

Share

CVE-2025-29904 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy