Home > Vulnerability Database > CVE-2025-32442

Mend.io Vulnerability Database

CVE-2025-32442

Good to know:

Date: April 18, 2025

Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a slightly altered content type such as with different casing or altered whitespacing before ";". This issue has been patched in version 5.3.1. A workaround involves not specifying individual content types in the schema.

Severity Score

7.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-32442

Url: https://github.com/fastify/fastify

Url: https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc

Url: https://github.com/fastify/fastify/commit/f3d2bcb3963cd570a582e5d39aab01a9ae692fe4

Url: https://hackerone.com/reports/3087928

Url: https://github.com/fastify/fastify/commit/436da4c06dfbbb8c24adee3a64de0c51e4f47418

Url: https://www.mend.io/vulnerability-database/CVE-2025-32442

Severity Score

7.5

Weakness Type (CWE)

Improper Validation of Specified Type of Input

CWE-1287

Top Fix

Upgrade Version

Upgrade to version fastify - 5.3.2;fastify - 4.29.1;fastify - 5.3.2;fastify - 4.29.1;https://github.com/fastify/fastify.git - v5.3.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-32442

Good to know:

Date: April 18, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?