CVE-2025-32997: Medium severity http-proxy-middleware vulnerability
Published Apr 15, 2025
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
Affected Software
7 affected components. Fixes available.
http-proxy-middleware http-proxy-middleware <2.0.9
http-proxy-middleware http-proxy-middleware >3.0.0 <3.0.5
npm/http-proxy-middleware >=1.3.0 <2.0.9 (fix: 2.0.9)
npm/http-proxy-middleware >=3.0.0 <3.0.5 (fix: 3.0.5)
IBM Edge Application Manager <=4.5
Chimurai Http-proxy-middleware <2.0.9
Chimurai Http-proxy-middleware >=3.0.0 <3.0.5
Remediation
Event History
Apr 15, 2025
CVE Published (via MITRE, 12:00 AM)
Data Sourced (via MITRE, 12:00 AM): Description, Severity, Weakness
Data Sourced (via NVD, 03:15 AM): Description, Severity, Weakness
Data Sourced (via NVD, 03:15 AM): Remedy, Affected Software
Advisory Published (via GitHub, 03:30 AM)
Aug 20, 2025
Data Sourced (via IBM, 12:00 AM): Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-32997?
CVE-2025-32997 is classified as a moderate severity vulnerability due to potential impacts on data integrity.
2. How do I fix CVE-2025-32997?
To fix CVE-2025-32997, upgrade http-proxy-middleware to version 2.0.9 or 3.0.5 or higher.
3. What are the affected versions of http-proxy-middleware for CVE-2025-32997?
CVE-2025-32997 affects versions prior to 2.0.9 and versions between 3.0.0 and 3.0.4 of http-proxy-middleware.
4. What happens if I don't address CVE-2025-32997?
Failing to address CVE-2025-32997 may result in improper handling of request bodies, potentially compromising application functionality.
5. Is CVE-2025-32997 patched in future releases?
Yes, CVE-2025-32997 has been patched in versions 2.0.9 and 3.0.5 of http-proxy-middleware.