CVE-2025-60876: BusyBox wget Header Injection Flaw
🟠High | Source: Microsoft Security Response Center A vulnerability in BusyBox wget versions up to 1.3.7 allows attackers to inject arbitrary HTTP headers by embedding carriage return, line feed, or other control characters into the URL path or query string — a technique known as HTTP response splitting or header injection. This can enable request smuggling, session hijacking, or cache poisoning depending on the backend infrastructure. Any Azure or cloud workload using an affected BusyBox version to make outbound HTTP requests may be at risk. ...