Security Advisory

CVE-2025-4600

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-16 13:47:45

Last updated 2025-09-08 09:48:16

Assigner Google

State PUBLISHED

Description

A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable.

← Browse all CVEs View on cve.org ↗