CVE-2025-30346
- Source
- https://cve.org/CVERecord?id=CVE-2025-30346
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30346.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-30346
- Aliases
- Downstream
- Related
- Published
- 2025-03-21T07:15:37.350Z
- Modified
- 2026-03-12T20:17:29.672113Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
- References
Affected packages
Git / github.com/varnishcache/varnish-cache
Affected versions
varnish-3.*
varnish-3.0.0-beta1
varnish-3.0.0-beta2
varnish-4.*
varnish-4.0.0
varnish-4.0.0-beta1
varnish-4.0.0-tp1
varnish-4.0.0-tp2
varnish-4.0.1
varnish-5.*
varnish-5.0.0
varnish-5.1.0
varnish-5.1.1
varnish-5.1.2
varnish-6.*
varnish-6.0.0
varnish-6.1.0
varnish-6.4.0
varnish-6.5.0
varnish-6.5.1
varnish-6.6.0
varnish-7.*
varnish-7.0.0
varnish-7.0.1
varnish-7.1.0
varnish-7.2.0
varnish-7.3.0
varnish-7.4.0
varnish-7.5.0
varnish-7.6.0
varnish-7.6.1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30346.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.11-r1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.11-r2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.11-r3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.11-r4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.11-r5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.11-r6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.11-r7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.12-r1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.12-r2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.12-r3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.12-r4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.12-r5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.12-r6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.12-r7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.12-r8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.12-r9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.13-r1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.13-r2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.13-r3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.13-r4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.13-r5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.13-r6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.13-r7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.13-r8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.13-r9"
}
]
}
]
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"file": "bin/varnishtest/vtc_http.c"
},
"source": "https://github.com/varnishcache/varnish-cache/commit/49168df457f8965fe5b3d257e95afaa2f41498c9",
"deprecated": false,
"digest": {
"line_hashes": [
"23622748511810100298892430565560418682",
"218839734523592776867766468661275010437",
"164416863857509784494032526117345070744",
"223724184333599709384384874797774510966",
"197875613171327800308645167251626441464",
"263293726540262616557466597721550093620",
"271820512147372279692875200570924420053"
],
"threshold": 0.9
},
"id": "CVE-2025-30346-367d39a1",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "bin/varnishtest/vtc_http2.c",
"function": "b64_settings"
},
"source": "https://github.com/varnishcache/varnish-cache/commit/49168df457f8965fe5b3d257e95afaa2f41498c9",
"deprecated": false,
"digest": {
"function_hash": "320899585599011995335457946287409436056",
"length": 956.0
},
"id": "CVE-2025-30346-99ef4ac7",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "bin/varnishtest/vtc_http2.c"
},
"source": "https://github.com/varnishcache/varnish-cache/commit/49168df457f8965fe5b3d257e95afaa2f41498c9",
"deprecated": false,
"digest": {
"line_hashes": [
"120248460162769918690912024032874919119",
"77104697107606013345318422003924957022",
"229700380975947820374920787836229443977",
"321786889213902170635439565983227828350",
"157674414179384749288192790946453512404",
"118266283243202144759254515689957791012",
"70255627731328964792477425442447516007"
],
"threshold": 0.9
},
"id": "CVE-2025-30346-ac6a0e80",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "bin/varnishtest/vtc_http.c",
"function": "cmd_http_upgrade"
},
"source": "https://github.com/varnishcache/varnish-cache/commit/49168df457f8965fe5b3d257e95afaa2f41498c9",
"deprecated": false,
"digest": {
"function_hash": "329224240331914269285633393671409497276",
"length": 968.0
},
"id": "CVE-2025-30346-b442b847",
"signature_type": "Function"
}
]