The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Published: 2025-04-08
CVSS: 9.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Download Exploit for CVE-2025-22871 here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
https://augustaverburg.nl/exploit-806-cve-2024-46982/
https://augustaverburg.nl/exploit-315-cve-2025-21590/
https://augustaverburg.nl/exploit-609-cve-2023-29017/
https://augustaverburg.nl/exploit-156-cve-2016-1555/
https://augustaverburg.nl/exploit-429-cve-2023-21659/