CVE-2025-32442

Published Apr 18, 2025

Last updated 2 months ago

CVSS high 7.5

Overview

Description
Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as with different casing or altered whitespacing before `;`. This was patched in v5.3.1, but the initial patch did not cover all problems. This has been fully patched in v5.3.2. A workaround involves not specifying individual content types in the schema.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-1287

Social media

Hype score
Not currently trending

  1. ๐Ÿšจ CVE-2025-32442 ๐Ÿ”ด HIGH (7.5) ๐Ÿข fastify - fastify ๐Ÿ—๏ธ >= 5.0.0, < 5.3.2 ๐Ÿ”— https://t.co/f0xg5KieNC ๐Ÿ”— https://t.co/6bm3D5DQvw ๐Ÿ”— https://t.co/1xdrcg41og ๐Ÿ”— https://t.co/hK8OBdSDtv #CyberCron #VulnAlert #InfoSec https://t.co/pMVVEGJ5XW

    @cybercronai

    20 Apr 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.