{"vulnerability": "cve-2025-4366", "sightings": [{"uuid": "48096574-f9fb-4a9c-8510-f4954c77f2a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqaygpccql42", "content": "", "creation_timestamp": "2025-05-28T20:00:17.340876Z"}, {"uuid": "42da2162-8e7f-4665-8961-ced69274d057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq7qtdoytuv2", "content": "", "creation_timestamp": "2025-05-28T08:10:43.378416Z"}, {"uuid": "3a55e17e-40cc-43d4-921c-f1be54bdbd90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://bsky.app/profile/cloudflare.social/post/3lpr777ouec2n", "content": "", "creation_timestamp": "2025-05-22T13:16:36.460037Z"}, {"uuid": "79b8c710-7c78-4383-b403-8046a0d46852", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lpskurx42h2r", "content": "", "creation_timestamp": "2025-05-23T02:18:08.733895Z"}, {"uuid": "3ac50415-9687-4064-9671-b35ea2c9a063", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114552400842390775", "content": "", "creation_timestamp": "2025-05-22T16:22:01.588597Z"}, {"uuid": "e47c24b6-551d-4e89-bd36-22b5f3db6d1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq6mjs7ka242", "content": "", "creation_timestamp": "2025-05-27T21:23:25.181183Z"}, {"uuid": "ce51891f-d859-4328-bc68-32b28f3f847e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lptg2bfgppd2", "content": "", "creation_timestamp": "2025-05-23T10:26:02.254866Z"}, {"uuid": "f91e632b-9cde-428c-91ea-de34c4fd237f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-4366", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3lptim3bsria2", "content": "", "creation_timestamp": "2025-05-23T11:10:38.539235Z"}, {"uuid": "576b3c31-4f19-4a82-8b8c-9a7ff0797a33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq2rzfkdizj2", "content": "", "creation_timestamp": "2025-05-26T08:49:21.007238Z"}, {"uuid": "01cca1a6-aec9-42ad-8f9a-9b0c0e505664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq36jzqeknx2", "content": "", "creation_timestamp": "2025-05-26T12:31:39.518611Z"}, {"uuid": "63cdd794-ff97-4e1f-abb3-511f420f6b7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "Telegram/b4G286gf4c4N1gVNDL3bOV9dh-zQD24vFIhVQTwrEBm8Wys", "content": "", "creation_timestamp": "2025-05-23T13:33:18.000000Z"}, {"uuid": "1f661b32-9202-4e2e-913b-bf36e47be7ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpu3wmcshma2", "content": "", "creation_timestamp": "2025-05-23T16:56:16.440800Z"}, {"uuid": "2ab3e0bd-6ec3-459d-984b-89cbb4a5b1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpui4gengsc2", "content": "", "creation_timestamp": "2025-05-23T20:34:08.441444Z"}, {"uuid": "5eff5e11-0114-4996-8eaf-703ab336b781", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4366", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17318", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4366\n\ud83d\udd25 CVSS Score: 7.4 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: A request smuggling vulnerability identified within Pingora\u2019s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.\n\nFixed in:\u00a0 https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff \n\nImpact: The issue could lead to request smuggling in cases where Pingora\u2019s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.\n\ud83d\udccf Published: 2025-05-22T15:50:20.789Z\n\ud83d\udccf Modified: 2025-05-22T15:50:20.789Z\n\ud83d\udd17 References:\n1. https://github.com/cloudflare/pingora", "creation_timestamp": "2025-05-22T16:44:24.000000Z"}]}