Home > Vulnerability Database > CVE-2025-54365

Mend.io Vulnerability Database

CVE-2025-54365

Good to know:

Date: July 23, 2025

fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. This type of patch fails to detect cases in which the string representing the attributes of a <script> tag exceeds 100 characters. As a result, most of the regex patterns present in version 3.0.1 can be bypassed. This is fixed in version 3.0.2.

Severity Score

8.2

Related Resources (6)

Url: https://github.com/rennf93/fastapi-guard

Url: https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g

Url: https://github.com/rennf93/fastapi-guard/commit/d9d50e8130b7b434cdc1b001b8cfd03a06729f7f

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54365

Url: https://github.com/rennf93/fastapi-guard/commit/0829292c322d33dc14ab00c5451c5c138148035a

Url: https://www.mend.io/vulnerability-database/CVE-2025-54365

Severity Score

8.2

Weakness Type (CWE)

Incorrect Regular Expression

CWE-185

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version fastapi-guard - 3.0.2

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54365

Good to know:

Date: July 23, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?