CVE-2025-30346

Published Mar 21, 2025

Last updated 2 days ago

CVSS medium 5.4

Overview

Description: Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.8
Impact score: 2.5
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

cve@mitre.org: CWE-444
nvd@nist.gov: CWE-444

Hype score: Not currently trending

CVE-2025-30346 Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. https://t.co/ZACQJ2iDKp
@CVEnew
21 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "943E3FE8-EA6D-4500-8014-697A9A0CEF91"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2CBF396-441D-44F2-BAFF-D3B2A981FBCD"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "136343D5-80C1-4F83-8471-2C26F9FD492A"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A34B5F57-B86F-41CB-A3D8-9084960D3E45"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F56C6B72-1648-4BC7-A1E6-909DD51DAA30"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6A98E3A-74A4-46AB-BE58-EA0BF9D5EF89"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27571EA4-E959-4B6B-A7BA-ED18C42D59B8"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D94DA623-9D4C-4E20-9187-084B1F26115F"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA7B6AAB-DB21-42EA-B363-C17290E0A05E"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E00CC49-4237-44EC-8CE5-695F99222B91"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C052A78-5D8B-4249-B298-E1AEA6A80B5C"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "233436C7-4DE1-4780-A074-B83864B023CF"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D5CE182-CC6C-4D6C-A481-D467C09756B4"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFDE0DA4-9EDE-4EB9-870E-8402DD590566"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "092A6346-A101-44D8-A5B2-8178B251CB6E"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12:r9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A5DAC70-FD7A-4E8A-B5E3-5380CDE0A7F0"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7345B2F1-A33C-430E-9DB9-52BF63F750A8"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C977CB4-E9E8-49B4-9D2A-B5DFA088EA1A"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0FEF673-0DED-4646-B5C2-3D5A4617380F"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2128880-BA15-414B-84F0-E57B96DF376C"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9C9D8DF-86F8-4020-AC66-EF8367A11EDC"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "132F60B2-FADA-479E-B45E-166046A2567C"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4FB05CB-0966-43CD-84AA-B4F2DA181446"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AAA8F5B-F974-4493-9573-F60CC9E084A4"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B67CD7FB-4810-4AFA-BD4D-F2AB2A41D0A4"
          },
          {
            "criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "757060EC-9D22-4B11-9112-648A9B8A22F2",
            "versionEndExcluding": "7.6.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References