CVE-2025-32996
📋 TL;DR
This vulnerability in http-proxy-middleware's fixRequestBody helper (the function that re-sends a body already consumed by body-parser on the outgoing proxied request) lets its internal writeBody function run twice for a single request: the branches that handle JSON and URL-encoded bodies were two independent 'if' checks instead of 'if' / 'else if', so a request whose Content-Type header contains both substrings triggers both branches. It affects http-proxy-middleware versions before 2.0.8 and 3.x before 3.0.4. The result is a malformed forwarded request or an error raised while the request is being proxied, not a corrupted response to the client.
💻 Affected Systems
- http-proxy-middleware
📦 What is this software?
http-proxy-middleware is a Node.js middleware, built on node-http-proxy and commonly used with Express, that forwards incoming HTTP requests to another server. Its optional fixRequestBody helper re-sends a request body that body-parser has already read, which is the code path this CVE concerns.
⚠️ Risk & Real-World Impact
Worst Case
A duplicate or malformed body forwarded to the backend (a data-integrity problem for the upstream service), or an error thrown from the proxyReq hook while the request is in flight; if that error is unhandled the affected request fails, and an attacker who can trigger it at will has a denial of service against the proxied route.
Likely Case
Occasional failed or inconsistent proxied requests for clients that send unusual Content-Type headers, visible as errors from the proxy rather than as silent corruption.
If Mitigated
Minimal impact with the patched version installed, or with error handling around the fixRequestBody call and monitoring for the resulting errors.
🎯 Exploit Status
Triggering the bug requires a request that reaches an application using fixRequestBody together with a body parser, with a Content-Type header that satisfies more than one of the helper's content-type checks. No authentication is needed beyond the ability to send requests through the proxy.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.8 for v2.x, 3.0.4 for v3.x
Vendor Advisory: https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8
Restart Required: Yes
Instructions:
1. In package.json, set http-proxy-middleware to 2.0.8 or higher for v2.x, or 3.0.4 or higher for v3.x.
2. Run 'npm update http-proxy-middleware' or 'yarn upgrade http-proxy-middleware'. Note that npm update stays inside the range declared in package.json; to move to the fixed release explicitly, run 'npm install http-proxy-middleware@^2.0.8' (or '@^3.0.4') and confirm the lock file changed.
3. Restart your application server.
🔧 Temporary Workarounds
Guard the fixRequestBody call in the proxyReq hook
Wrap your own call to fixRequestBody so that a duplicate writeBody call is caught and logged instead of failing the request. The first write has already sent the complete body with a matching Content-Length; the second attempt trips Node's headers-already-sent check, which the wrapper catches. The body the backend receives is the one from the first write, so confirm that is the format the backend expects.
// Example for the v3 options API; for v2 pass the same function as `onProxyReq`.
// Assumes an Express `app` with a body parser mounted before the proxy.
const { createProxyMiddleware, fixRequestBody } = require('http-proxy-middleware');

app.use('/api', createProxyMiddleware({
  target: 'http://localhost:3000',
  changeOrigin: true,
  on: {
    proxyReq: (proxyReq, req) => {
      try {
        fixRequestBody(proxyReq, req);
      } catch (err) {
        // A duplicate writeBody calls setHeader() after the body was sent,
        // which Node rejects; the first, complete body is already on the wire.
        if (err.code !== 'ERR_HTTP_HEADERS_SENT') throw err;
        console.warn('Potential double write detected: %s %s', req.method, req.originalUrl);
      }
    },
  },
}));
🧯 If You Can't Patch
- Mount a body parser (and therefore fixRequestBody) only on proxied routes that actually need req.body; when req.body is not set, fixRequestBody returns before writing anything.
- Implement network segmentation to isolate the proxy service from untrusted networks where the deployment allows it.
- Add monitoring for abnormal request or error patterns in proxy logs, in particular errors raised from the proxyReq hook.
🔍 How to Verify
Check if Vulnerable:
Check package.json or run 'npm ls http-proxy-middleware' to see every installed copy, including copies nested under other packages. Vulnerable if any copy is <2.0.8 for v1.x/v2.x or <3.0.4 for v3.x.
Check Version:
npm list http-proxy-middleware | grep http-proxy-middleware
Verify Fix Applied:
After updating, verify that every copy reported by 'npm ls http-proxy-middleware' is 2.0.8+ or 3.0.4+, then exercise the proxied routes with JSON and URL-encoded bodies, including a request whose Content-Type header contains both media type strings.
📡 Detection & Monitoring
Log Indicators:
- Errors with code ERR_HTTP_HEADERS_SENT ("Cannot set headers after they are sent to the client") raised from the proxyReq hook or from fixRequestBody
- Unexpected errors on proxied requests, in particular 5xx responses produced by the proxy itself rather than by the backend
- Proxy middleware throwing exceptions
Network Indicators:
- Incoming requests whose Content-Type header matches more than one media type (for example containing both application/json and application/x-www-form-urlencoded)
- Incomplete or malformed proxied requests reaching the backend, or proxy responses that end abruptly
SIEM Query:
source="proxy_logs" AND ("ERR_HTTP_HEADERS_SENT" OR "Cannot set headers after they are sent" OR "writeBody" OR "double write" OR "response error")