HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

A deep dive into the ASP.NET Core recent disclosure

Executive Summary HTTP request smuggling remains one of the nastier protocol-level surprises: it happens when different components in the HTTP chain disagree about where one request ends and the n...

Published Nov 13, 2025

Version 1.0

f5 sirt

security

Hen_Golubenko

Employee

Joined July 14, 2025

View Profile

Juergen_Mang

MVP

Nov 17, 2025

Thanks for the analyses. This is a further example why HTTP/1 must die!

https://portswigger.net/research/http1-must-die

I wrote a community article about F5 Big-IP and HTTP/2:

The State Of HTTP/2 With F5 LTM | DevCentral

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

A deep dive into the ASP.NET Core recent disclosure

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS