Home > Vulnerability Database > CVE-2025-46814

Mend.io Vulnerability Database

CVE-2025-46814

Good to know:

Date: May 6, 2025

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially inject arbitrary IP addresses into the request. This vulnerability can allow attackers to bypass IP-based access controls, mislead logging systems, and impersonate trusted clients. It is especially impactful when the application relies on the X-Forwarded-For header for IP-based authorization or authentication. Users should upgrade to FastAPI Guard version 2.0.0 to receive a fix.

Severity Score

3.4

Related Resources (4)

Url: https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-77q8-qmj7-x7pp

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-46814

Url: https://github.com/rennf93/fastapi-guard/commit/0b003fda4c678c1b514e95f319aee88113e9bf4b

Url: https://www.mend.io/vulnerability-database/CVE-2025-46814

Severity Score

3.4

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Top Fix

Upgrade Version

Upgrade to version fastapi-guard - 2.0.0;https://github.com/rennf93/fastapi-guard.git - 2.0.0

Learn More

CVSS v3.1

Base Score:	3.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-46814

Good to know:

Date: May 6, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?