Executive Summary

Informations
Name CVE-2025-48865 First vendor Publication 2025-05-30
Vendor Cve Last vendor Modification 2025-06-04

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Overall CVSS Score 9.1
Base Score 9.1 Environmental Score 9.1
impact SubScore 5.2 Temporal Score 9.1
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should trust these headers, allowing HTTP clients to remove or modify them creates potential security vulnerabilities. Some of these custom headers can be removed and, in certain cases, manipulated. The attack relies on the behavior that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been patched in version 1.6.6.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48865

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-345 Insufficient Verification of Data Authenticity

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Sources (Detail)

https://github.com/fabiolb/fabio/commit/fdaf1e966162e9dd3b347ffdd0647b39dc71a1a3
https://github.com/fabiolb/fabio/releases/tag/v1.6.6
https://github.com/fabiolb/fabio/security/advisories/GHSA-q7p4-7xjv-j3wf
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2025-06-05 00:20:38
  • Multiple Updates
2025-05-30 17:20:32
  • Multiple Updates
2025-05-30 13:20:39
  • First insertion