Http Proxy Middleware
CVE-2025-32997
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1 npm packages depend on http-proxy-middleware (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 1.3.0.
DescriptionCVE.org
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
AnalysisAI
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.
Technical ContextAI
This vulnerability is classified under CWE-754. In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. Affected products include: Chimurai Http-Proxy-Middleware. Version information: before 2.0.9.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Http Proxy Middleware
View allVersions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Serv
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
Same technique Information Disclosure
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today