CVE-2025-67735

  • MEDIUM

Security Bulletin: Vulnerabilities in Netty affects IBM Netezza Appliance

Details

CVSS v3
6.5
NVD published
2025-12-16 01:15:52
EPSS
<0.1% probability · 7.7th percentile — 2026-04-14
Affected versions
cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*
Summary
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, `io.netty.handler.codec.http.HttpRequestEncoder` is vulnerable to CRLF injection through the request URI when it constructs a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application or framework that uses `HttpRequestEncoder` can be abused to perform request smuggling via CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue.
Exploit info
https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4
