anonhaven
Ad

CVE-2025-58136

HIGH CVSS 3.1: 7.5 EPSS 0.29%
Updated Apr 06, 2026
Apache
Parameter Value
CVSS 7.5 (HIGH)
Affected Versions 10.0.0 — 9.2.13
Fixed In 10.1.2
Type CWE-670
Vendor Apache
Public PoC No

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue.

A workaround for older versions is to set proxy.config.http.request_buffer_enabled to 0 (the default value is 0).

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-670

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Apache Traffic_Server
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
 9.0.0 9.2.13
Apache Traffic_Server
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
 10.0.0 10.1.2

References 1

https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q
security@apache.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-25219

Apache

6.5

CVE-2025-54550

Apache

8.1

CVE-2026-31924

Apache

5.3

CVE-2026-31923

Apache

7.5

CVE-2026-31908

Apache

9.1