Netty HTTP Codec Vulnerability: Data Exposure with Mismatched HTTP Headers

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Netty HTTP Codec Vulnerability: Data Exposure with Mismatched HTTP Headers

ROOT-APP-MAVEN-CVE-2025-67735

Summary

A security patch has been released for io.root.io.netty:netty-codec-http. If not updated, an attacker could potentially access sensitive data by exploiting a mismatch between HTTP headers. Update to a patched version to protect your system.

What to do

Update io.root.io.netty:netty-codec-http to version 4.1.118.Final-root.io.11.

Affected software

Vendor	Product	Affected versions	Fix available
–	io.root.io.netty:netty-codec-http	<= 4.1.118.Final-root.io.11	4.1.118.Final-root.io.11

Original title

CVE-2025-67735 in io.root.io.netty:netty-codec-http - Patched by Root

Original description

Root has patched CVE-2025-67735 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available.

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 9 Apr 2026