CVE-2025-54142
📋 TL;DR
This CVE describes an HTTP request smuggling vulnerability in Akamai Ghost that allows attackers to smuggle requests through an Akamai proxy to backend origin servers. The vulnerability is triggered when an OPTIONS request contains an entity body; if the origin server violates certain HTTP standards, this lets an attacker smuggle subsequent requests over the same persistent connection. This affects Akamai Ghost users with vulnerable configurations.
💻 Affected Systems
- Akamai Ghost
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could bypass security controls, poison caches, hijack user sessions, or perform web cache deception attacks against backend servers.
Likely Case
Limited request smuggling that could allow some request manipulation or cache poisoning in specific configurations.
If Mitigated
Minimal impact with proper origin server configurations and updated Akamai Ghost installations.
🎯 Exploit Status
Exploitation requires specific origin server misconfigurations and understanding of HTTP request smuggling techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025-07-21 or later
Vendor Advisory: https://community.akamai.com/customers/s/feed/0D5a700000W51m8CAB
Restart Required: Yes
Instructions:
1. Update Akamai Ghost to version 2025-07-21 or later.
2. Apply the update through Akamai's management interface.
3. Restart affected services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Configure origin servers to reject OPTIONS with body
Ensure backend origin servers properly reject OPTIONS requests that contain entity bodies, as per HTTP standards.
Disable persistent connections
Configure Akamai Ghost to not use persistent connections between proxy and origin servers.
🧯 If You Can't Patch
- Implement strict validation of HTTP requests at origin servers
- Deploy WAF rules to detect and block suspicious OPTIONS requests with entity bodies
🔍 How to Verify
Check if Vulnerable:
Check the Akamai Ghost version via the management interface or configuration files. If the version is before 2025-07-21, the system is vulnerable.
Check Version:
Check via Akamai management console or configuration files specific to your deployment.
Verify Fix Applied:
Verify Akamai Ghost version is 2025-07-21 or later and test with controlled OPTIONS requests containing entity bodies.
📡 Detection & Monitoring
Log Indicators:
- Unusual OPTIONS requests carrying Content-Length or Transfer-Encoding headers
- Multiple requests appearing on a single persistent connection
- HTTP parsing errors in logs
Network Indicators:
- OPTIONS requests with entity bodies
- Abnormal request sequences in persistent connections
SIEM Query:
search OPTIONS AND (content-length > 0 OR transfer-encoding) AND status != 400
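As an added detection example (not from this advisory or from Akamai), the following Python applies the log indicators and the SIEM condition above to a constructed origin access log: it flags OPTIONS requests with an entity body that the origin answered with anything other than 400, and counts requests per connection so that a bodied OPTIONS followed by further requests on the same connection can be correlated. The key=value log format, field names and connection ids are assumptions.

```python
import re
from collections import Counter

# Constructed sample origin access log in key=value form (not a real Akamai or
# origin log format): "cl" = request Content-Length, "te" = Transfer-Encoding
# ("-" when absent), "conn" = id of the persistent proxy-to-origin connection.
SAMPLE_LOG = """\
ts=2025-07-22T10:00:01Z conn=17 method=OPTIONS path=/ cl=0 te=- status=204
ts=2025-07-22T10:00:02Z conn=18 method=OPTIONS path=/api cl=42 te=- status=400
ts=2025-07-22T10:00:03Z conn=19 method=OPTIONS path=/api cl=42 te=- status=200
ts=2025-07-22T10:00:03Z conn=19 method=GET path=/admin cl=0 te=- status=200
ts=2025-07-22T10:00:04Z conn=20 method=POST path=/login cl=55 te=- status=302
ts=2025-07-22T10:00:05Z conn=21 method=OPTIONS path=/ cl=- te=chunked status=204
"""

_KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line: str) -> dict:
    """Turn one key=value log line into a dict of string fields."""
    return dict(_KV.findall(line))

def has_entity_body(rec: dict) -> bool:
    """True if the request carried a body: Content-Length > 0 or a Transfer-Encoding."""
    cl, te = rec.get("cl", "-"), rec.get("te", "-")
    return (cl.isdigit() and int(cl) > 0) or te != "-"

def find_suspicious_options(log_text: str) -> list:
    """OPTIONS requests with a body that the origin did not reject with 400
    (the same condition as the SIEM query above)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec.get("method") == "OPTIONS" and has_entity_body(rec)
                and rec.get("status") != "400"):
            hits.append(rec)
    return hits

def requests_per_connection(log_text: str) -> Counter:
    """Requests per connection id: a bodied OPTIONS followed by more requests on
    the same connection is the 'multiple requests from one connection' indicator."""
    return Counter(parse_line(l)["conn"] for l in log_text.splitlines() if l.strip())

if __name__ == "__main__":
    per_conn = requests_per_connection(SAMPLE_LOG)
    for rec in find_suspicious_options(SAMPLE_LOG):
        print(f"conn={rec['conn']} OPTIONS {rec['path']} status={rec['status']} "
              f"requests_on_connection={per_conn[rec['conn']]}")
```

On the sample log, connection 18 is not flagged because the origin correctly answered 400, while connections 19 and 21 are, and connection 19 additionally shows a second request arriving on the same connection after the accepted bodied OPTIONS.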