Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-57816

Good to know:

icon
icon

Date: September 8, 2025

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a shared store. This allows attackers to bypass intended rate limits and potentially cause denial of service. This vulnerability only affects deployments relying on Fides's built-in rate limiting for protection. Deployments using external rate limiting solutions (WAFs, API gateways, etc.) are not affected. Version 2.69.1 fixes the issue.

Severity Score

Related Resources (6)

https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c
https://nvd.nist.gov/vuln/detail/CVE-2025-57816
https://github.com/ethyca/fides/security/advisories/GHSA-fq34-xw6c-fphf
https://github.com/ethyca/fides
https://github.com/ethyca/fides/releases/tag/2.69.1
https://www.mend.io/vulnerability-database/CVE-2025-57816

Severity Score

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

Allocation of Resources Without Limits or Throttling

CWE-770

Improper Control of Interaction Frequency

CWE-799

Top Fix

icon

Upgrade Version

Upgrade to version ethyca-fides - 2.69.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW

Do you need more information?

Contact Us