Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-58068

Good to know:

icon
icon

Date: August 29, 2025

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. This problem has been patched in Eventlet 0.40.3 by dropping trailers which is a breaking change if a backend behind eventlet.wsgi proxy requires trailers. A workaround involves not using eventlet.wsgi facing untrusted clients.

Severity Score

Related Resources (7)

https://security-tracker.debian.org/tracker/CVE-2025-58068
https://github.com/eventlet/eventlet/pull/1062
https://github.com/eventlet/eventlet/commit/0bfebd1117d392559e25b4bfbfcc941754de88fb
https://github.com/eventlet/eventlet
https://github.com/eventlet/eventlet/security/advisories/GHSA-hw6f-rjfj-j7j7
https://nvd.nist.gov/vuln/detail/CVE-2025-58068
https://www.mend.io/vulnerability-database/CVE-2025-58068

Weakness Type (CWE)

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-444

Top Fix

icon

Upgrade Version

Upgrade to version eventlet - 0.40.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us