#VU125977 Improper Validation of Specified Type of Input in Fastify - CVE-2025-32442

 

Published: April 18, 2025 / Updated: April 14, 2026


Vulnerability identifier: #VU125977
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-32442
CWE-ID: CWE-1287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Fastify
Software vendor: fastify.io

Description

The vulnerability allows a remote attacker to bypass validation.

The vulnerability exists due to improper validation of syntactic correctness in content-type parsing when handling requests with slightly altered content-type values. A remote attacker can send a specially crafted request to bypass validation.

Only applications that define different validation strategies for different content types in the request body schema are affected.
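
The check below is an added example, not code from this advisory or from the Fastify project. It lists the routes whose body schema is keyed by content type (Fastify's `schema.body.content` form), which is the configuration the description names as affected. The route definitions are constructed samples and the function names are hypothetical.

```javascript
'use strict';

// Media types that carry their own validator in a route's body schema,
// i.e. the keys of schema.body.content that have a nested schema.
function bodyContentTypes(routeOptions) {
  const content = routeOptions?.schema?.body?.content;
  if (content === null || typeof content !== 'object') return [];
  return Object.keys(content).filter((t) => content[t] && content[t].schema);
}

// Key-order-insensitive serialization, so equal schemas compare as equal.
function canonical(value) {
  if (Array.isArray(value)) return `[${value.map(canonical).join(',')}]`;
  if (value && typeof value === 'object') {
    const parts = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonical(value[k])}`);
    return `{${parts.join(',')}}`;
  }
  return JSON.stringify(value);
}

// Report every route that validates the body per content type, and whether
// the validators actually differ between the listed content types.
function auditRoutes(routes) {
  const findings = [];
  for (const route of routes) {
    const types = bodyContentTypes(route);
    if (types.length === 0) continue;
    const content = route.schema.body.content;
    const distinct = new Set(types.map((t) => canonical(content[t].schema)));
    findings.push({ method: route.method, url: route.url,
      contentTypes: types, differingSchemas: distinct.size > 1 });
  }
  return findings;
}

// Constructed sample route options (not taken from any real application).
const sampleRoutes = [
  { method: 'POST', url: '/upload', schema: { body: { content: {
    'application/json': { schema: { type: 'object', required: ['name'] } },
    'text/plain': { schema: { type: 'string', maxLength: 64 } },
  } } } },
  { method: 'POST', url: '/login', schema: { body: { type: 'object' } } },
  { method: 'GET', url: '/health' },
];

console.log(JSON.stringify(auditRoutes(sampleRoutes), null, 2));
```

In an application the same function can be fed from an `onRoute` hook, which receives each route's options as it is registered.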


Remediation

Install the security update from the vendor's website.
