CVE-2025-54142 MEDIUM

CVE-2025-54142

Vendor Akamai
Product AkamaiGhost
Weakness CWE-444
Published August 29, 2025
Last update August 29, 2025

CVSS base score

4.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards.

Key dates

02Disclosure timeline

August 29, 2025 CVE published
August 29, 2025 Record updated