Vulnerability Identifier
CVE-2025-67735
2025-12-16
Severity Assessment
6.5
MEDIUM
CVSS v3.x Score
Clinical Analysis (Description)
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue.
Vector Sequencing
Attack Parameters
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Impact Consequences
Technical Impact
Unchanged
Scope
Low
Confidentiality
Low
Integrity
None
Availability
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Population
Affected Configurations
Total: 255 detected entries
Software List
Scrollable
ne
netty
Vendor: netty • v4.1.108
ne
netty
Vendor: netty • v4.2.1
ne
netty
Vendor: netty • v3.9.7
ne
netty
Vendor: netty • v3.5.8
ne
netty
Vendor: netty • v4.1.66
ne
netty
Vendor: netty • v4.1.55
ne
netty
Vendor: netty • v4.1.63
ne
netty
Vendor: netty • v4.1.14
ne
netty
Vendor: netty • v3.9.5
ne
netty
Vendor: netty • v4.1.70
ne
netty
Vendor: netty • v4.0.39
ne
netty
Vendor: netty • v4.1.87
ne
netty
Vendor: netty • v3.8.1
ne
netty
Vendor: netty • v3.5.5
ne
netty
Vendor: netty • v4.1.56
ne
netty
Vendor: netty • v3.8.2
ne
netty
Vendor: netty • v4.1.104
ne
netty
Vendor: netty • v4.1.26
ne
netty
Vendor: netty • v4.0.33
ne
netty
Vendor: netty • v4.0.17
ne
netty
Vendor: netty • v3.4.0
ne
netty
Vendor: netty • v3.6.8
ne
netty
Vendor: netty • v4.1.120
ne
netty
Vendor: netty • v4.1.100
ne
netty
Vendor: netty • v4.0.53
ne
netty
Vendor: netty • v4.1.88
ne
netty
Vendor: netty • v4.0.51
ne
netty
Vendor: netty • v4.0.50
ne
netty
Vendor: netty • v4.2.0
ne
netty
Vendor: netty • v3.9.9
ne
netty
Vendor: netty • v4.1.18
ne
netty
Vendor: netty • v4.0.8
ne
netty
Vendor: netty • v3.9.1
ne
netty
Vendor: netty • v4.0.25
ne
netty
Vendor: netty • v4.0.52
ne
netty
Vendor: netty • v4.1.103
ne
netty
Vendor: netty • v4.1.4
ne
netty
Vendor: netty • v4.1.121
ne
netty
Vendor: netty • v4.1.21
ne
netty
Vendor: netty • v3.3.1
ne
netty
Vendor: netty • v4.0.44
ne
netty
Vendor: netty • v4.1.114
ne
netty
Vendor: netty • v4.1.106
ne
netty
Vendor: netty • v4.0.9
ne
netty
Vendor: netty • v4.1.5
ne
netty
Vendor: netty • v4.1.109
ne
netty
Vendor: netty • v4.1.34
ne
netty
Vendor: netty • v4.0.29
ne
netty
Vendor: netty • v3.6.0
ne
netty
Vendor: netty • v4.1.78
ne
netty
Vendor: netty • v4.0.35
ne
netty
Vendor: netty • v4.0.1
ne
netty
Vendor: netty • v4.1.98
ne
netty
Vendor: netty • v4.1.6
ne
netty
Vendor: netty • v3.2.9
ne
netty
Vendor: netty • v4.1.22
ne
netty
Vendor: netty • v4.1.58
ne
netty
Vendor: netty • v4.1.33
ne
netty
Vendor: netty • v4.1.61
ne
netty
Vendor: netty • v3.6.1
ne
netty
Vendor: netty • v4.1.31
ne
netty
Vendor: netty • v4.1.54
ne
netty
Vendor: netty • v3.2.8
ne
netty
Vendor: netty • v4.1.65
ne
netty
Vendor: netty • v3.10.6
ne
netty
Vendor: netty • v4.2.5
ne
netty
Vendor: netty • v4.1.8
ne
netty
Vendor: netty • v4.1.64
ne
netty
Vendor: netty • v4.0.40
ne
netty
Vendor: netty • v4.1.68
ne
netty
Vendor: netty • v3.7.1
ne
netty
Vendor: netty • v4.0.45
ne
netty
Vendor: netty • v4.1.10
ne
netty
Vendor: netty • v4.1.71
ne
netty
Vendor: netty • v4.1.15
ne
netty
Vendor: netty • v4.1.96
ne
netty
Vendor: netty • v4.1.122
ne
netty
Vendor: netty • v3.5.13
ne
netty
Vendor: netty • v4.1.49
ne
netty
Vendor: netty • v4.1.125
ne
netty
Vendor: netty • v4.2.3
ne
netty
Vendor: netty • v4.1.48
ne
netty
Vendor: netty • v4.1.126
ne
netty
Vendor: netty • v4.1.23
ne
netty
Vendor: netty • v3.6.4
ne
netty
Vendor: netty • v4.1.76
ne
netty
Vendor: netty • v4.1.116
ne
netty
Vendor: netty • v4.1.112
ne
netty
Vendor: netty • v4.0.41
ne
netty
Vendor: netty • v4.0.32
ne
netty
Vendor: netty • v4.1.86
ne
netty
Vendor: netty • v4.1.81
ne
netty
Vendor: netty • v4.1.79
ne
netty
Vendor: netty • v4.0.2
ne
netty
Vendor: netty • v3.5.3
ne
netty
Vendor: netty • v4.0.43
ne
netty
Vendor: netty • v4.1.80
ne
netty
Vendor: netty • v4.1.20
ne
netty
Vendor: netty • v4.0.42
ne
netty
Vendor: netty • v3.2.7
ne
netty
Vendor: netty • v4.1.40
ne
netty
Vendor: netty • v3.2.5
ne
netty
Vendor: netty • v3.9.8
ne
netty
Vendor: netty • v4.1.28
ne
netty
Vendor: netty • v3.9.4
ne
netty
Vendor: netty • v4.1.2
ne
netty
Vendor: netty • v4.0.21
ne
netty
Vendor: netty • v3.3.0
ne
netty
Vendor: netty • v4.1.39
ne
netty
Vendor: netty • v4.1.92
ne
netty
Vendor: netty • v4.0.13
ne
netty
Vendor: netty • v3.5.7
ne
netty
Vendor: netty • v3.6.10
ne
netty
Vendor: netty • v3.5.12
ne
netty
Vendor: netty • v4.0.31
ne
netty
Vendor: netty • v3.7.0
ne
netty
Vendor: netty • v4.1.1
ne
netty
Vendor: netty • v3.5.6
ne
netty
Vendor: netty • v3.6.7
ne
netty
Vendor: netty • v4.1.105
ne
netty
Vendor: netty • v4.2.2
ne
netty
Vendor: netty • v3.2.6
ne
netty
Vendor: netty • v3.5.9
ne
netty
Vendor: netty • v4.1.42
ne
netty
Vendor: netty • v4.1.37
ne
netty
Vendor: netty • v4.2.4
ne
netty
Vendor: netty • v4.1.119
ne
netty
Vendor: netty • v4.1.30
ne
netty
Vendor: netty • v4.0.23
ne
netty
Vendor: netty • v4.1.25
ne
netty
Vendor: netty • v4.1.69
ne
netty
Vendor: netty • v4.0.54
ne
netty
Vendor: netty • v4.0.15
ne
netty
Vendor: netty • v4.0.0
ne
netty
Vendor: netty • v4.1.107
ne
netty
Vendor: netty • v4.0.48
ne
netty
Vendor: netty • v4.1.101
ne
netty
Vendor: netty • v4.1.95
ne
netty
Vendor: netty • v4.1.57
ne
netty
Vendor: netty • v3.6.2
ne
netty
Vendor: netty • v3.9.6
ne
netty
Vendor: netty • v4.1.102
ne
netty
Vendor: netty • v4.1.117
ne
netty
Vendor: netty • v4.1.111
ne
netty
Vendor: netty • v3.4.4
ne
netty
Vendor: netty • v3.5.11
ne
netty
Vendor: netty • v4.0.16
ne
netty
Vendor: netty • v4.1.47
ne
netty
Vendor: netty • v3.6.3
ne
netty
Vendor: netty • v4.1.36
ne
netty
Vendor: netty • v4.0.5
ne
netty
Vendor: netty • v4.1.82
ne
netty
Vendor: netty • v3.6.6
ne
netty
Vendor: netty • v3.8.3
ne
netty
Vendor: netty • v4.1.73
ne
netty
Vendor: netty • v3.4.6
ne
netty
Vendor: netty • v3.10.1
ne
netty
Vendor: netty • v4.1.74
ne
netty
Vendor: netty • v4.1.35
ne
netty
Vendor: netty • v4.1.75
ne
netty
Vendor: netty • v4.0.10
ne
netty
Vendor: netty • v4.0.7
ne
netty
Vendor: netty • v3.5.0
ne
netty
Vendor: netty • v4.0.34
ne
netty
Vendor: netty • v3.5.1
ne
netty
Vendor: netty • v4.1.46
ne
netty
Vendor: netty • v3.4.1
ne
netty
Vendor: netty • v4.1.52
ne
netty
Vendor: netty • v4.0.12
ne
netty
Vendor: netty • v3.8.0
ne
netty
Vendor: netty • v4.0.37
ne
netty
Vendor: netty • v4.1.62
ne
netty
Vendor: netty • v3.9.3
ne
netty
Vendor: netty • v3.9.2
ne
netty
Vendor: netty • v4.0.46
ne
netty
Vendor: netty • v4.1.45
ne
netty
Vendor: netty • v4.0.47
ne
netty
Vendor: netty • v4.1.51
ne
netty
Vendor: netty • v3.4.3
ne
netty
Vendor: netty • v4.1.113
ne
netty
Vendor: netty • v4.0.26
ne
netty
Vendor: netty • v4.0.28
ne
netty
Vendor: netty • v3.2.10
ne
netty
Vendor: netty • v4.0.30
ne
netty
Vendor: netty • v4.1.7
ne
netty
Vendor: netty • v4.0.11
ne
netty
Vendor: netty • v4.1.27
ne
netty
Vendor: netty • v3.10.3
ne
netty
Vendor: netty • v4.1.38
ne
netty
Vendor: netty • v3.5.4
ne
netty
Vendor: netty • v4.1.83
ne
netty
Vendor: netty • v4.1.94
ne
netty
Vendor: netty • v4.1.11
ne
netty
Vendor: netty • v4.1.124
ne
netty
Vendor: netty • v4.1.84
ne
netty
Vendor: netty • v4.1.110
ne
netty
Vendor: netty • v4.1.13
ne
netty
Vendor: netty • v4.1.97
ne
netty
Vendor: netty • v4.0.19
ne
netty
Vendor: netty • v4.1.29
ne
netty
Vendor: netty • v4.1.59
ne
netty
Vendor: netty • v4.0.49
ne
netty
Vendor: netty • v4.0.36
ne
netty
Vendor: netty • v3.9.1.1
ne
netty
Vendor: netty • v4.0.56
ne
netty
Vendor: netty • v4.1.90
ne
netty
Vendor: netty • v4.0.14
ne
netty
Vendor: netty • v4.0.3
ne
netty
Vendor: netty • v4.0.6
ne
netty
Vendor: netty • v4.1.41
ne
netty
Vendor: netty • v3.10.0
ne
netty
Vendor: netty • v3.9.0
ne
netty
Vendor: netty • v4.0.38
ne
netty
Vendor: netty • v3.5.10
ne
netty
Vendor: netty • v4.1.24
ne
netty
Vendor: netty • v4.1.44
ne
netty
Vendor: netty • v4.1.3
ne
netty
Vendor: netty • v4.0.20
ne
netty
Vendor: netty • v4.0.55
ne
netty
Vendor: netty • v4.1.67
ne
netty
Vendor: netty • v4.1.89
ne
netty
Vendor: netty • v3.10.2
ne
netty
Vendor: netty • v4.1.91
ne
netty
Vendor: netty • v4.1.118
ne
netty
Vendor: netty • v4.1.115
ne
netty
Vendor: netty • v4.1.123
ne
netty
Vendor: netty • v4.1.93
ne
netty
Vendor: netty • v4.0.24
ne
netty
Vendor: netty • v4.1.16
ne
netty
Vendor: netty • v4.1.32
ne
netty
Vendor: netty • v4.1.72
ne
netty
Vendor: netty • v4.0.22
ne
netty
Vendor: netty • v4.0.27
ne
netty
Vendor: netty • v3.4.5
ne
netty
Vendor: netty • v4.1.85
ne
netty
Vendor: netty • v3.6.5
ne
netty
Vendor: netty • v3.2.4
ne
netty
Vendor: netty • v4.1.53
ne
netty
Vendor: netty • v3.6.9
ne
netty
Vendor: netty • v4.1.60
ne
netty
Vendor: netty • v3.10.5
ne
netty
Vendor: netty • v4.1.77
ne
netty
Vendor: netty • v4.0.4
ne
netty
Vendor: netty • v4.1.17
ne
netty
Vendor: netty • v4.1.9
ne
netty
Vendor: netty • v4.1.19
ne
netty
Vendor: netty • v4.1.12
ne
netty
Vendor: netty • v3.10.4
ne
netty
Vendor: netty • v4.0.18
ne
netty
Vendor: netty • v4.1.0
ne
netty
Vendor: netty • v4.1.99
ne
netty
Vendor: netty • v4.1.50
ne
netty
Vendor: netty • v3.5.2
ne
netty
Vendor: netty • v3.4.2
ne
netty
Vendor: netty • v4.1.43
Timeline
Time Line
PUBLICATION
16 Dec 2025
MODIFICATION
02 Jan 2026
FIRST PATCH
21 Apr 2026
Impact Statistics
Key Metrics
CVSS Score
6.5
MEDIUM
Products
255
Affected
Patches
3
Available
Remediation Protocol
Recommended Solution
No automatic solution found. Check vendor references.
Recommended Actions for Administrators
Immediate Action Plan
1. Inventory
Identify all affected systems in your infrastructure.
2. Assessment
Assess exposure and criticality for your organization.
3. Mitigation
Apply patches or available workarounds.
4. Verification
Test and confirm effectiveness of applied measures.
Sources & Bibliography