CVE-2025-46814
HIGH EPSS 20.7%
Published May 6, 20251y ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
Published May 6, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially inject arbitrary IP addresses into the request. This vulnerability can allow attackers to bypass IP-based access controls, mislead logging systems, and impersonate trusted clients. It is especially impactful when the application relies on the X-Forwarded-For header for IP-based authorization or authentication. Users should upgrade to FastAPI Guard version 2.0.0 to receive a fix.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None
Threat Intelligence
EPSS Exploit Probability
20.7% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-74
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| fastapi-guard | fastapi_guard | * | <2.0.0 |
References 2
- github.com https://github.com/rennf93/fastapi-guard/commit/0b003fda4c678c1b514e95f319aee88113e9bf4b
- github.com https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-77q8-qmj7-x7pp
Remediation
- github.com https://github.com/rennf93/fastapi-guard/commit/0b003fda4c678c1b514e95f319aee88113e9bf4b