CVE-2025-30221

CVSS 3.0 Score 4.3 of 10 (medium)

Details

Published Mar 27, 2025

CWE ID 113

Summary

CVE-2025-30221 is a vulnerability affecting Pitchfork, an HTTP server for Rack applications. Versions of Pitchfork prior to 0.11.0 are susceptible to HTTP Response Header Injection when used in combination with Rack 3. This issue allows malicious actors to inject malicious headers into the HTTP response, potentially leading to serious security consequences. No known workarounds are available, and the vulnerability was addressed in the release of Pitchfork 0.11.0.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Pitchfork

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/4eEqES
https://www.cve.org/CVERecord?id=CVE-2025-30221
https://nvd.nist.gov/vuln/detail/CVE-2025-30221

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2025-30221

CVSS 3.0 Score 4.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations