CVE-2025-30346

Published: Mar 21, 2025
Updated: May 4, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-30346" target="_blank" rel="noopener"> CVE-2025-30346
Severity: Low
Exploit:

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.

CVSS v3:

CWEs:

Software	From	Fixed in
varnish-software / varnish_enterprise	6.0.11-r1	6.0.11-r1.x
varnish-software / varnish_enterprise	6.0.11-r2	6.0.11-r2.x
varnish-software / varnish_enterprise	6.0.11-r3	6.0.11-r3.x
varnish-software / varnish_enterprise	6.0.11-r4	6.0.11-r4.x
varnish_cache_project / varnish_cache	-	7.6.2
varnish-software / varnish_enterprise	6.0.13-r2	6.0.13-r2.x
varnish-software / varnish_enterprise	6.0.11-r5	6.0.11-r5.x
varnish-software / varnish_enterprise	6.0.11-r6	6.0.11-r6.x
varnish-software / varnish_enterprise	6.0.11-r7	6.0.11-r7.x
varnish-software / varnish_enterprise	6.0.12-r1	6.0.12-r1.x
varnish-software / varnish_enterprise	6.0.12-r2	6.0.12-r2.x
varnish-software / varnish_enterprise	6.0.13-r3	6.0.13-r3.x
varnish-software / varnish_enterprise	6.0.13-r4	6.0.13-r4.x
varnish-software / varnish_enterprise	6.0.13-r5	6.0.13-r5.x
varnish-software / varnish_enterprise	6.0.13-r6	6.0.13-r6.x
varnish-software / varnish_enterprise	6.0.13-r7	6.0.13-r7.x
varnish-software / varnish_enterprise	6.0.13-r8	6.0.13-r8.x
varnish-software / varnish_enterprise	6.0.13-r9	6.0.13-r9.x
varnish-software / varnish_enterprise	6.0.12-r3	6.0.12-r3.x
varnish-software / varnish_enterprise	6.0.12-r4	6.0.12-r4.x
varnish-software / varnish_enterprise	6.0.12-r5	6.0.12-r5.x
varnish-software / varnish_enterprise	6.0.12-r6	6.0.12-r6.x
varnish-software / varnish_enterprise	6.0.12-r7	6.0.12-r7.x
varnish-software / varnish_enterprise	6.0.12-r8	6.0.12-r8.x
varnish-software / varnish_enterprise	6.0.12-r9	6.0.12-r9.x
varnish-software / varnish_enterprise	6.0.13-r1	6.0.13-r1.x

Vulnerability Database