CVE-2025-60876

CVE-2025-60876

Name

CVE-2025-60876

Description

BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092
cve@mitre.org	https://lists.busybox.net/pipermail/busybox/attachments/20250823/ccdc96ef/attachment-0001.htm
cve@mitre.org	https://lists.busybox.net/pipermail/busybox/attachments/20250828/e7f90492/attachment.htm

Type

URI

cve@mitre.org

https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092

cve@mitre.org

https://lists.busybox.net/pipermail/busybox/attachments/20250823/ccdc96ef/attachment-0001.htm

cve@mitre.org

https://lists.busybox.net/pipermail/busybox/attachments/20250828/e7f90492/attachment.htm

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a
`cpe:2.3:a:busybox:busybox::::::::`	busybox	>= None	<= 1.37.0

CPE URI

Source package

Min version

Max version

n/a

== n/a

cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*

busybox

>= None

<= 1.37.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
busybox	edge-main	1.37.0-r31	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.37.0-r30	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.37.0-r29	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.37.0-r28	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.37.0-r27	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.37.0-r26	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.37.0-r25	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.37.0-r24	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.37.0-r23	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.37.0-r22	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r32	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r31	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r30	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r29	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r28	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r27	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r26	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r25	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r2	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r30	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r29	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r28	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r27	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r25	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r24	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r23	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r22	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r21	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r20	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r19	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r18	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r17	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r16	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r15	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r14	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r13	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r12	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r10	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.35.0-r7	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
busybox	edge-main	1.34.0_r0	None	possibly vulnerable
busybox	edge-main	1.34.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
busybox	edge-main	1.33.0-r5	None	possibly vulnerable
busybox	edge-main	1.30.1-r2	None	possibly vulnerable
busybox	edge-main	1.29.3-r10	None	possibly vulnerable
busybox	edge-main	1.28.3-r2	None	possibly vulnerable
busybox	edge-main	1.27.2-r4	None	possibly vulnerable
busybox	3.23-main	1.37.0-r30	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.22-main	1.37.0-r20	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.22-main	1.37.0-r19	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.22-main	1.36.1-r30	None	possibly vulnerable
busybox	3.22-main	1.36.1-r27	None	possibly vulnerable
busybox	3.22-main	1.36.1-r25	None	possibly vulnerable
busybox	3.22-main	1.36.1-r2	None	possibly vulnerable
busybox	3.22-main	1.35.0-r17	None	possibly vulnerable
busybox	3.22-main	1.35.0-r7	None	possibly vulnerable
busybox	3.22-main	1.34.0-r0	None	possibly vulnerable
busybox	3.22-main	1.33.0-r5	None	possibly vulnerable
busybox	3.22-main	1.30.1-r2	None	possibly vulnerable
busybox	3.22-main	1.29.3-r10	None	possibly vulnerable
busybox	3.22-main	1.28.3-r2	None	possibly vulnerable
busybox	3.22-main	1.27.2-r4	None	possibly vulnerable
busybox	3.21-main	1.37.0-r14	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.21-main	1.37.0-r13	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.21-main	1.36.1-r30	None	possibly vulnerable
busybox	3.21-main	1.36.1-r27	None	possibly vulnerable
busybox	3.21-main	1.36.1-r25	None	possibly vulnerable
busybox	3.21-main	1.36.1-r2	None	possibly vulnerable
busybox	3.21-main	1.35.0-r17	None	possibly vulnerable
busybox	3.21-main	1.35.0-r7	None	possibly vulnerable
busybox	3.21-main	1.34.0-r0	None	possibly vulnerable
busybox	3.21-main	1.33.0-r5	None	possibly vulnerable
busybox	3.21-main	1.30.1-r2	None	possibly vulnerable
busybox	3.21-main	1.29.3-r10	None	possibly vulnerable
busybox	3.21-main	1.28.3-r2	None	possibly vulnerable
busybox	3.21-main	1.27.2-r4	None	possibly vulnerable
busybox	3.20-main	1.36.1-r31	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.20-main	1.36.1-r30	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.20-main	1.36.1-r29	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.20-main	1.36.1-r28	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.20-main	1.36.1-r27	None	possibly vulnerable
busybox	3.20-main	1.36.1-r25	None	possibly vulnerable
busybox	3.20-main	1.36.1-r2	None	possibly vulnerable
busybox	3.20-main	1.35.0-r17	None	possibly vulnerable
busybox	3.20-main	1.35.0-r7	None	possibly vulnerable
busybox	3.20-main	1.34.0-r0	None	possibly vulnerable
busybox	3.20-main	1.33.0-r5	None	possibly vulnerable
busybox	3.20-main	1.30.1-r2	None	possibly vulnerable
busybox	3.20-main	1.29.3-r10	None	possibly vulnerable
busybox	3.20-main	1.28.3-r2	None	possibly vulnerable
busybox	3.20-main	1.27.2-r4	None	possibly vulnerable
busybox	3.19-main	1.36.1-r21	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.19-main	1.36.1-r20	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.19-main	1.36.1-r19	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.19-main	1.36.1-r18	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.19-main	1.36.1-r17	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.19-main	1.36.1-r16	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.19-main	1.36.1-r2	None	possibly vulnerable
busybox	3.19-main	1.35.0-r17	None	possibly vulnerable
busybox	3.19-main	1.35.0-r7	None	possibly vulnerable
busybox	3.19-main	1.34.0-r0	None	possibly vulnerable
busybox	3.19-main	1.33.0-r5	None	possibly vulnerable
busybox	3.19-main	1.30.1-r2	None	possibly vulnerable
busybox	3.19-main	1.29.3-r10	None	possibly vulnerable
busybox	3.19-main	1.28.3-r2	None	possibly vulnerable
busybox	3.19-main	1.27.2-r4	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages