CVE-2025-46814

3.4 LOW
Published: May 06, 2025 Modified: December 31, 2025
View on NVD

Description

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially inject arbitrary IP addresses into the request. This vulnerability can allow attackers to bypass IP-based access controls, mislead logging systems, and impersonate trusted clients. It is especially impactful when the application relies on the X-Forwarded-For header for IP-based authorization or authentication. Users should upgrade to FastAPI Guard version 2.0.0 to receive a fix.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/rennf93/fastapi-guard/commit/0b003fda4c678c1b514e95f319aee88113e9bf4b
Source: security-advisories@github.com
Patch
https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-77q8-qmj7-x7pp
Source: security-advisories@github.com
Exploit Vendor Advisory

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
3.4 / 10.0
EPSS (Exploit Probability)
0.1%
23th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-74

Affected Vendors

fastapi-guard

Related CVEs

CVE-2026-0824 3.5
CVE-2026-0822 6.3
CVE-2025-13393 4.3
CVE-2025-12379 6.4
CVE-2026-0821 7.3