Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sun, 31 Aug 2025 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Akamai
Akamai akamaighost
Vendors & Products Akamai
Akamai akamaighost

Fri, 29 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 01:15:00 +0000

Type Values Removed Values Added
Description Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards.
Weaknesses CWE-444
References
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-29T14:27:14.217Z

Reserved: 2025-07-17T00:00:00.000Z

Link: CVE-2025-54142

cve-icon Vulnrichment

Updated: 2025-08-29T14:27:11.401Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T01:15:35.250

Modified: 2025-08-29T16:24:29.730

Link: CVE-2025-54142

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-31T08:41:38Z