Vulnerability Database

296,090

Total vulnerabilities in the database

CVE-2025-58068

Impact

The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections.

This vulnerability could enable attackers to:

Bypass front-end security controls
Launch targeted attacks against active site users
Poison web caches

Patches

Problem has been patched in eventlet 0.40.3.

The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup.

Workarounds

Do not use eventlet.wsgi facing untrusted clients.

References

Patch https://github.com/eventlet/eventlet/pull/1062
This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj

Published: Aug 29, 2025
Updated: Aug 30, 2025
CVE: CVE-2025-58068
GHSA: GHSA-hw6f-rjfj-j7j7
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-444

Affected Software
References

Software	From	Fixed in
eventlet	-	0.40.3