ID
VAR-202505-2435
CVE
CVE-2025-4600
TITLE
Google Cloud Classic Application Load Balancer Input Validation Error Vulnerability
Trust: 0.6
DESCRIPTION
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable. No detailed vulnerability details are currently provided
Trust: 1.44
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | model: | cloud classic application load balancer | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.0 |
PATCH
| title: | Patch for Google Cloud Classic Application Load Balancer Input Validation Error Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/693871 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-4600 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2025-11250 | Trust: 0.6 |
REFERENCES
| url: | https://cloud.google.com/support/bulletins#gcp-2025-027 | Trust: 1.0 |
| url: | https://cloud.google.com/support/bulletins#gcp | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2025-11250 |
| db: | NVD | id: | CVE-2025-4600 |
LAST UPDATE DATE
2025-06-04T22:42:18.511000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-11250 | date: | 2025-06-03T00:00:00 |
| db: | NVD | id: | CVE-2025-4600 | date: | 2025-05-16T14:42:18.700 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-11250 | date: | 2025-06-03T00:00:00 |
| db: | NVD | id: | CVE-2025-4600 | date: | 2025-05-16T14:15:32.580 |