AI description
CVE-2025-58136 is a denial-of-service (DoS) vulnerability affecting Apache Traffic Server. This flaw stems from a bug in the server's POST request handling mechanism, specifically related to improper control flow implementation and the request buffering process. When certain conditions are met during the processing of POST requests, the server fails to handle the request state correctly, leading to a crash. Unauthenticated remote attackers can exploit this vulnerability by sending specially crafted POST requests over the network, causing Apache Traffic Server instances to terminate unexpectedly. This can disrupt service availability for organizations that rely on Apache Traffic Server for managing their web traffic. Affected versions include Apache Traffic Server 10.0.0 through 10.1.1 and 9.0.0 through 9.2.12.
- Description: A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to set proxy.config.http.request_buffer_enabled to 0 (the default value is 0).
- Source: security@apache.org
- NVD status: Analyzed
- Products: traffic_server
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- security@apache.org
- CWE-670
- Hype score
- Not currently trending
⚠️ Vulnerabilities in Apache products ❗ CVE-2025-65114 ❗ CVE-2025-58136 ➡️ More info: https://t.co/iiFwh4FGXs https://t.co/0Cw71xkIId
@CERTpy
20 Apr 2026
Apache Traffic Server vulnerabilities CVE-2025-58136/65114 fixed: possible DoS and HTTP smuggling https://t.co/sYOX0OlolH The Apache Traffic Server (ATS) issue, in the server's mechanism for processing the message body of an HTTP request,
@iototsecnews
13 Apr 2026
Critical vulnerabilities in Apache Traffic Server (CVE-2025-58136 & CVE-2025-65114) can lead to DoS and request smuggling attacks. Upgrade to the latest versions now! Link: https://t.co/rzvnWItsqE #Security #Vulnerability #Cyberattack #Upgrade #Apache #Software #Internet #Thr
@dailytechonx
7 Apr 2026
⚠️ **Vulnerability Alert:** Apache Traffic Server (CVE-2025-58136, CVE-2025-65114) and Dgraph Database (CVE-2026-34976) 📅 **Timeline:** Disclosure: 2026-04-06, Patch: 2026-04-06 🆔 **CVE-2026-34976** | 📊 CVSS: 10.0 (Critical 🔴) 🆔 **CVE-2025-58136** 🆔 **CVE-2
@syedaquib77
6 Apr 2026
⚠️ **Vulnerability Alert:** Apache Traffic Server Denial-of-Service and Request Smuggling Vulnerabilities 📅 **Timeline:** Disclosure: 2026-04-02, Patch: 2026-04-02 🆔 **CVE-2025-58136** | 📊 CVSS: 7.5 (HIGH 🟠) | 📈 EPSS: 12.25% 🆔 **CVE-2025-65114** | 📊 CVSS
@syedaquib77
6 Apr 2026
⚠️ **Vulnerability Alert:** Apache Traffic Server — two high-severity DoS / HTTP request smuggling vulnerabilities (CVE-2025-58136, CVE-2025-65114) 📅 **Timeline:** Disclosure: 2026-04-02, Patch: 2026-04-02 🆔 **CVE-2025-58136** | 📊 CVSS: 7.5 (HIGH 🟠) | 📈 EPSS
@syedaquib77
6 Apr 2026
⚠️ **Vulnerability Alert:** Apache Traffic Server — Two high-severity DoS/request-smuggling vulnerabilities (CVE-2025-58136, CVE-2025-65114) 📅 **Timeline:** Disclosure: 2026-04-02, Patch: 2026-04-02 🆔 **CVE-2025-58136** | 📊 CVSS: 7.5 (HIGH 🟠) | 📈 EPSS: 12.25
@syedaquib77
6 Apr 2026
Apache Traffic Server fixes two CVSS 7.5 flaws (CVE-2025-58136 & CVE-2025-65114). Prevent DoS and request smuggling—update to 10.1.2 or 9.2.13 now! #ApacheTrafficServer #ATS #InfoSec #CyberSecurity #WebCache #RequestSmuggling #PatchAlert #SysAdmin https://t.co/i9XtjWdc2o h
@the_yellow_fall
3 Apr 2026
Apache Traffic Server (ATS) is vulnerable to HTTP requests with body https://t.co/cu38yEAVUg CVE-2025-58136: A simple legitimate POST request causes a crash CVE-2025-65114: Malformed chunked message body allows request smuggling
@oss_security
3 Apr 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "361CCF7A-CB22-4074-A902-779476856482",
            "versionEndExcluding": "9.2.13",
            "versionStartIncluding": "9.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CA23F0DC-E368-4327-87A1-A0DCD8553AFF",
            "versionEndExcluding": "10.1.2",
            "versionStartIncluding": "10.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]