CVE-2025-67735

6.5 MEDIUM

📋 TL;DR

This CVE describes a CRLF injection vulnerability in Netty's HttpRequestEncoder that allows request smuggling. Attackers can inject malicious content into HTTP requests to bypass security controls or poison caches. Any application or framework using HttpRequestEncoder without proper URI sanitization is affected.

💻 Affected Systems

Products:
  • Netty
Versions: All versions prior to 4.1.129.Final (4.1.x line) and 4.2.8.Final (4.2.x line)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using HttpRequestEncoder without proper URI sanitization. Applications using other encoders or with proper input validation may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could perform request smuggling to bypass security controls, poison web caches, or conduct cross-user attacks in multi-user applications.

🟠 Likely Case

Request smuggling leading to cache poisoning, security control bypass, or injection of malicious content into HTTP responses.

🟢 If Mitigated

Limited impact with proper input validation and sanitization in place, though the underlying vulnerability remains.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires understanding of HTTP request smuggling techniques and CRLF injection. The advisory provides technical details but no public exploit code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.129.Final or 4.2.8.Final

Vendor Advisory: https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4

Restart Required: Yes

Instructions:

1. Identify the Netty version in your application.
2. Update the Netty dependency to 4.1.129.Final (for 4.1.x) or 4.2.8.Final (for 4.2.x).
3. Rebuild and redeploy the application.
4. Restart affected services.

🔧 Temporary Workarounds

Input Validation and Sanitization (platform: all)

Implement strict input validation and sanitization of HTTP request URIs before they reach HttpRequestEncoder.

WAF Configuration (platform: all)

Configure the Web Application Firewall to detect and block CRLF injection attempts in HTTP requests.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization of all HTTP request URIs
  • Deploy WAF with CRLF injection detection rules and monitor for suspicious patterns

🔍 How to Verify

Check if Vulnerable:

Check Netty version in your application dependencies. If using Maven: mvn dependency:tree | grep netty. If using Gradle: gradle dependencies | grep netty.

Check Version:

For Java applications: System.out.println(io.netty.util.Version.identify());

Verify Fix Applied:

Verify Netty version is 4.1.129.Final or higher (for 4.1.x) or 4.2.8.Final or higher (for 4.2.x) after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP request patterns with CRLF sequences in URIs
  • Multiple requests with same parameters but different outcomes
  • Cache poisoning indicators

Network Indicators:

  • HTTP requests containing %0D%0A or \r\n sequences in URIs
  • Request smuggling patterns in HTTP traffic

SIEM Query:

http.uri contains "%0D%0A" OR http.uri contains "\r\n"
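The two checks this page calls for, the pre-encoder URI guard from the workaround section and the log search behind the SIEM query above, share one predicate: does a URI carry a CR or LF, raw or percent-encoded? The example below is added here and is not code from Netty or from this advisory. It is written in Python so the logic can be run standalone; in a Netty client the guard would sit in an outbound handler placed before HttpRequestEncoder. The function names and the access-log lines are constructed for the example. It goes slightly beyond the SIEM query by matching the lowercase `%0d%0a` form as well as the uppercase one.

```python
import re
from typing import List, Optional, Tuple

# Percent-encoded CR or LF in either case (%0D, %0d, %0A, %0a).
_ENCODED_CRLF_RE = re.compile(r"%0[dDaA]")


def classify_crlf(uri: str) -> Optional[str]:
    """Return 'raw' if the URI contains a literal CR or LF, 'encoded' if it
    contains only percent-encoded CR/LF, or None if neither is present."""
    if "\r" in uri or "\n" in uri:
        return "raw"
    if _ENCODED_CRLF_RE.search(uri):
        return "encoded"
    return None


def is_safe_for_encoder(uri: str) -> bool:
    """A URI is wire-safe for the request encoder only if it carries no raw
    CR/LF. Percent-encoded forms are written literally by the encoder, so
    they cannot terminate the request line or a header."""
    return classify_crlf(uri) != "raw"


def guard_request_uri(uri: str) -> str:
    """Pre-encoder guard (hypothetical helper): reject any URI that would put
    a raw CR/LF on the wire; otherwise return it unchanged."""
    if not is_safe_for_encoder(uri):
        raise ValueError("refusing to encode request URI containing CR/LF")
    return uri


# Constructed access-log lines in common log format; not from any real system.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "GET /search?q=a%0D%0AX-Injected:%201 HTTP/1.1" 400 0
10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /search?q=a%0d%0ax-injected:%201 HTTP/1.1" 400 0
10.0.0.7 - - [01/Jan/2025:10:00:03 +0000] "GET /img/logo.png HTTP/1.1" 200 2048
"""

# Source address and the quoted request line: method, URI, HTTP version.
_REQ_LINE_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"'
)


def scan_access_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (source, uri, kind) for every request whose URI carries CR/LF.
    This is the detection side of the SIEM query, run over log text."""
    hits = []
    for line in text.splitlines():
        m = _REQ_LINE_RE.match(line)
        if not m:
            continue
        kind = classify_crlf(m.group("uri"))
        if kind:
            hits.append((m.group("src"), m.group("uri"), kind))
    return hits


if __name__ == "__main__":
    for src, uri, kind in scan_access_log(SAMPLE_LOG):
        print(f"{src} {kind} CRLF in URI: {uri}")
```

The guard only rejects raw CR/LF because that is what the encoder would emit unchanged into the request line; the detector flags percent-encoded forms too, since that is how a probe usually appears in server-side logs, and a stricter client-side policy can reject both by checking `classify_crlf(uri) is None`.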
