SSRF Vulnerability in mitmweb Affecting mitmproxy by Mitmproxy
CVE-2025-23217

8.2 HIGH

Key Information:

Vendor: Mitmproxy
Status: Vendor
CVE Published: 6 February 2025

What is CVE-2025-23217?

An SSRF vulnerability exists in mitmweb versions 11.1.1 and earlier, enabling attackers to access mitmweb's internal API through a compromised proxy server. This vulnerability could potentially allow attackers to escalate that access to remote code execution. The mitmproxy and mitmdump tools are unaffected, but users of mitmweb should upgrade to version 11.1.2 or later, as no workarounds are known.

Affected Version(s)

mitmproxy < 11.1.2
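Because the affected range is stated as a version boundary ("< 11.1.2"), a defender's first check is whether the installed release falls below it. The common pitfall is comparing version strings lexically, which wrongly flags 11.1.10 as older than 11.1.2. The script below is an added example (not code from the advisory or from the mitmproxy project) that parses a version string numerically, treats a pre-release of the fixed version (e.g. 11.1.2rc1) as still affected (an assumption: the fix is taken to ship in the final 11.1.2 release), and reads the version from a `Mitmproxy: X.Y.Z` line such as `mitmproxy --version` prints (that output format is assumed; the sample output is constructed). Whether mitmweb, rather than only mitmproxy or mitmdump, is actually in use is a separate question this check does not answer.

```python
import re
import shutil
import subprocess

# Fixed version from the advisory (CVE-2025-23217): mitmproxy < 11.1.2 is affected.
FIXED_VERSION = (11, 1, 2)

# Matches "11.1.2", "11.1.10", "12.0", "11.1.2rc1", "11.1.1.dev3" and similar.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*((?:a|b|rc|\.dev)\d*)?", re.IGNORECASE
)

# Constructed sample of `mitmproxy --version` style output (assumed format).
SAMPLE_OUTPUT = """Mitmproxy: 11.1.1
Python:    3.12.3
OpenSSL:   OpenSSL 3.3.1 4 Jun 2024
Platform:  Linux-6.8.0-x86_64
"""


def parse_version(text):
    """Return (major, minor, patch, is_prerelease) for a version string,
    or None when the string is not recognisable as a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major = int(m.group(1))
    minor = int(m.group(2))
    patch = int(m.group(3) or 0)          # "12.0" is treated as 12.0.0
    prerelease = m.group(4) is not None   # "rc1", "b2", ".dev3", ...
    return (major, minor, patch, prerelease)


def is_affected(version_text):
    """True when the version is below the fixed release.

    Comparison is numeric on (major, minor, patch), so 11.1.10 is correctly
    newer than 11.1.2. A pre-release of the fixed version itself is still
    reported as affected (assumption: the fix ships in the final release).
    """
    parsed = parse_version(version_text)
    if parsed is None:
        raise ValueError(f"unrecognised version string: {version_text!r}")
    major, minor, patch, prerelease = parsed
    numeric = (major, minor, patch)
    if numeric < FIXED_VERSION:
        return True
    return numeric == FIXED_VERSION and prerelease


def check_version_output(output):
    """Extract the version from a 'Mitmproxy: X.Y.Z' line and classify it.
    Returns (version_string, affected); raises ValueError if no such line."""
    m = re.search(r"^Mitmproxy:\s*(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no 'Mitmproxy:' line found in output")
    version = m.group(1)
    return version, is_affected(version)


def installed_version_output():
    """Run `mitmproxy --version` if the binary is on PATH; None otherwise."""
    exe = shutil.which("mitmproxy")
    if exe is None:
        return None
    result = subprocess.run([exe, "--version"], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    output = installed_version_output() or SAMPLE_OUTPUT
    version, affected = check_version_output(output)
    state = "AFFECTED (upgrade to 11.1.2 or later)" if affected else "not affected"
    print(f"mitmproxy {version}: {state}")
```

Run it on a host to classify the installed release; without mitmproxy on PATH it falls back to the constructed sample and reports 11.1.1 as affected.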

References

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved