Last Week in AppSec for 09. September 2025 - Checkmarx



September 9, 2025


Here are some news items our team found interesting over the past week, which you might have missed.

  • Developers using the Hono JavaScript web framework, which is rapidly gaining popularity, are affected by a High (CVSS 7.5) severity vulnerability (CVE-2025-58362) that can allow attackers to bypass access controls configured in application proxies (like Nginx’s location blocks) due to path parsing confusion. Hono versions from 4.8.0 are affected; upgrade to 4.9.6 or newer. If using a reverse proxy for access control, ensure it rejects malformed requests and keeps explicit location ACLs for admin/debug paths.
  • Netty, a popular Java framework for high-performance network protocol servers, experienced a 0-day vulnerability disclosure related to request smuggling (CVE-2025-58056). Older versions through 4.1.124.Final, and newer versions 4.2.0.Alpha1 through 4.2.4.Final are impacted. The Netty team promptly responded to the disclosure and ensured advisories were issued. Upgrade to the patched Netty release noted in the advisory. Add normalization and disable legacy chunk extension handling in your reverse proxies to mitigate.
  • Claude Code startup trust leads to code execution (GHSA-ph6w-f82w-28w6). The initial “trust this folder” prompt understated that agreeing allows execution of local files. Upgrade @anthropic-ai/claude-code to 1.0.87. Anthropic recommends you treat untrusted projects as hostile and run tools with least privilege; we wholeheartedly agree! See our previous work: Bypassing Claude Code: How Easy Is It to Trick an AI Security Reviewer?

Hono JavaScript web framework contributes to authentication bypass

Developers using the Hono JavaScript web framework, which is rapidly gaining popularity, are affected by a High (CVSS 7.5) severity vulnerability (CVE-2025-58362) that can allow attackers to bypass access controls configured in application proxies (like Nginx’s location blocks) due to path parsing confusion. Hono versions from 4.8.0 are affected; upgrade to 4.9.6 or newer. If using a reverse proxy for access control, ensure it rejects malformed requests and keeps explicit location ACLs for admin/debug paths.


The root cause appears to be erroneous logic in the processing of URLs in getPath in the utils/url.ts file. The vulnerable implementation made assumptions about the format of an absolute URI that did not hold, so it could misidentify the “first / character” in a URI. An attacker could supply a malicious, malformed URI that slipped past some reverse proxy configurations, yet the Hono framework would parse it as a URL whose path begins with /admin/ or a similarly sensitive location, and the application would still return the sensitive data.

This can be mitigated by stronger reverse proxy configurations that block malformed URI/URL data, and of course it is repaired by upgrading Hono. The good news is that a strict reverse proxy configuration may entirely remove the immediate risk posed by this vulnerability, so we recommend strengthening reverse proxy configurations even if you upgrade to a fixed version of Hono. Not only will this reduce risk in case of regressions, it will provide safety against other types of malformed-URI and related attacks.
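A defence-in-depth check in the spirit of the advice above, added here as an example and not code from Hono or from the original post: a strict parser for absolute-form request targets that rejects anything malformed before any path heuristic runs, then applies an explicit deny list for sensitive prefixes against one canonical spelling of the path. The hostnames, the deny prefixes and the restriction to http/https with DNS or IPv4 hosts (no IPv6 literals) are assumptions.

```javascript
// Added example, not Hono's getPath: strict request-target parsing plus an explicit ACL.
// Assumptions: only http(s) absolute-form targets, hostname or IPv4 authority, no IPv6 literals.

// authority: letters, digits, dots, hyphens, optional :port. Anything else (e.g. "\") is malformed.
const HOST_RE = /^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::\d{1,5})?$/;
// path: RFC 3986 pchar plus "/"; a stray CR, LF, space, "\" or bad %-triplet is malformed.
const PATH_RE = /^(?:[A-Za-z0-9._~!$&'()*+,;=:@\/-]|%[0-9A-Fa-f]{2})*$/;

// Returns { ok: true, path } with a canonical path, or { ok: false, reason }.
function parseRequestTarget(raw) {
  const m = /^(https?):\/\/([^\/?#]*)([^?#]*)(?:\?[^#]*)?$/.exec(raw);
  if (!m) return { ok: false, reason: 'not an http(s) absolute URI' };
  const [, , authority, rawPath] = m;
  if (!HOST_RE.test(authority)) return { ok: false, reason: 'malformed authority' };
  const path = rawPath === '' ? '/' : rawPath;
  if (!PATH_RE.test(path)) return { ok: false, reason: 'malformed path' };
  let decoded;
  try { decoded = decodeURIComponent(path); } catch { return { ok: false, reason: 'bad percent-encoding' }; }
  // Decode exactly once, then collapse "//" and "/./" and refuse ".." so the ACL sees one spelling.
  const out = [];
  for (const seg of decoded.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') return { ok: false, reason: 'dot-dot segment' };
    out.push(seg);
  }
  return { ok: true, path: '/' + out.join('/') };
}

// Proxy-side or first-middleware decision: 400 for malformed, 403 for denied prefixes, else 200.
function guard(raw, denyPrefixes = ['/admin', '/debug']) {
  const r = parseRequestTarget(raw);
  if (!r.ok) return { status: 400, reason: r.reason };
  for (const p of denyPrefixes) {
    if (r.path === p || r.path.startsWith(p + '/')) return { status: 403, path: r.path };
  }
  return { status: 200, path: r.path };
}

module.exports = { parseRequestTarget, guard };
```

Because the ACL is applied to the decoded, collapsed path, spellings such as /%61dmin/ or /admin%2fpanel are denied alongside /admin/, while anything the strict grammar cannot parse is refused outright.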

Netty vulnerable to funky chunk attacks leading to request smuggling

Netty, a popular Java framework for high-performance network protocol servers, experienced a 0-day vulnerability disclosure related to request smuggling (CVE-2025-58056). Older versions through 4.1.124.Final, and newer versions 4.2.0.Alpha1 through 4.2.4.Final are impacted. The Netty team promptly responded to the disclosure and ensured advisories were issued. Upgrade to the patched Netty release noted in the advisory. Add normalization and disable legacy chunk extension handling in your reverse proxies to mitigate.

Incorrect parsing of chunk extensions in netty-codec-http enabled HTTP request smuggling using a tactic sometimes called Funky Chunks, in which line terminations inside HTTP chunk extensions are misinterpreted twice, leading to reverse proxies and other similar systems “spilling over” the requests. Configuring reverse proxies (and any similar HTTP request forwarder/router system) to normalize requests – such as by rigorously supplying a Content-Length, normalizing line-ending characters, or removing unneeded chunk extensions and “spills” – significantly mitigates this entire class of attack.
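To make the normalization advice concrete, here is an added example (not Netty's code, and written in JavaScript rather than Java so it runs without a JVM) of a strict chunked-body decoder: it accepts only CRLF as the line terminator, treats any bare CR or LF inside a chunk-size line as fatal, and rejects chunk extensions by default, so there is only one way to read where each chunk-size line ends. The sample bodies in the test are constructed.

```javascript
// Added example, not Netty's decoder. Input is a Node.js Buffer holding a chunked body.
const CR = 0x0d, LF = 0x0a;

// Returns { ok: true, body: Buffer, consumed } or { ok: false, reason }.
function decodeChunkedStrict(buf, { allowExtensions = false } = {}) {
  const parts = [];
  let pos = 0;
  for (;;) {
    // Locate the end of the chunk-size line. Only CRLF may end it; a lone CR or LF
    // anywhere before that is exactly the ambiguity "funky chunks" exploits, so reject it.
    let end = -1;
    for (let i = pos; i < buf.length; i++) {
      const b = buf[i];
      if (b === CR) {
        if (buf[i + 1] !== LF) return { ok: false, reason: 'bare CR in chunk-size line' };
        end = i;
        break;
      }
      if (b === LF) return { ok: false, reason: 'bare LF in chunk-size line' };
    }
    if (end < 0) return { ok: false, reason: 'truncated chunk-size line' };
    const line = buf.toString('latin1', pos, end);
    const semi = line.indexOf(';');
    if (semi >= 0 && !allowExtensions) return { ok: false, reason: 'chunk extension present' };
    const sizeText = semi < 0 ? line : line.slice(0, semi);
    if (!/^[0-9A-Fa-f]{1,8}$/.test(sizeText)) return { ok: false, reason: 'malformed chunk size' };
    const size = parseInt(sizeText, 16);
    pos = end + 2;
    if (size === 0) {
      // last-chunk: require an empty trailer section, i.e. an immediate CRLF.
      if (buf[pos] !== CR || buf[pos + 1] !== LF) return { ok: false, reason: 'trailers not allowed' };
      return { ok: true, body: Buffer.concat(parts), consumed: pos + 2 };
    }
    if (pos + size + 2 > buf.length) return { ok: false, reason: 'truncated chunk data' };
    parts.push(buf.subarray(pos, pos + size));
    pos += size;
    // The declared size must be exact: chunk data is followed by CRLF and nothing else.
    if (buf[pos] !== CR || buf[pos + 1] !== LF) return { ok: false, reason: 'chunk data not followed by CRLF' };
    pos += 2;
  }
}

module.exports = { decodeChunkedStrict };
```

A forwarder that decodes with rules this strict and then re-emits the body with an explicit Content-Length (the normalization the paragraph above recommends) leaves the upstream parser nothing ambiguous to disagree about.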

Of interest is that this issue was disclosed responsibly to Netty, but (in the words of a Netty maintainer) “fell through the cracks”. Eventually, the discovering researcher published the vulnerability as a 0-day; this caught a Netty maintainer’s attention and the project moved quickly to address the situation and rectify the vulnerability.

Anthropic’s Claude Code warns about its warnings

Claude Code startup trust leads to code execution (GHSA-ph6w-f82w-28w6). The initial “trust this folder” prompt understated that agreeing allows execution of local files. Upgrade @anthropic-ai/claude-code to 1.0.87. Anthropic recommends you treat untrusted projects as hostile and run tools with least privilege; we wholeheartedly agree! See our previous work: Bypassing Claude Code: How Easy Is It to Trick an AI Security Reviewer?

The reporting researcher pointed out that Claude Code didn’t make its warning clear about the effects of “trusting” a local folder full of code, which is required for most of its useful functions and features. Anthropic agreed with that report, and our work on the topic demonstrates how easily malicious (or, in some cases, simply annoyed) developers can bypass Claude Code’s security reviews to sneak in malicious code. It’s important to understand the risks you accept when letting an AI agent trust a code repo, folder, or other content.
