HTTP Header Injection Vulnerability in FastAPI Guard Security Library
CVE-2025-46814
What is CVE-2025-46814?
An HTTP header injection vulnerability has been identified in the FastAPI Guard security library, which is used to enhance security for FastAPI applications. This issue arises from the manipulation of the X-Forwarded-For header, potentially allowing attackers to inject arbitrary IP addresses into requests. Such manipulation can facilitate bypassing IP-based access control mechanisms, misleading logging systems, and impersonating trusted clients. It poses significant risks when applications depend on the X-Forwarded-For header for IP-based authorization or authentication processes. Users are strongly encouraged to upgrade to FastAPI Guard version 2.0.0 or later to address this vulnerability effectively.
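
The trust problem described above, as an added example (not FastAPI Guard's code or its 2.0.0 fix): a header-trusting IP lookup next to a version that honours X-Forwarded-For only when the request arrives from a known proxy. The proxy range, function names, lowercase header keys and sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: networks of the reverse proxies this deployment runs (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted_proxy(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def naive_client_ip(peer_ip: str, headers: dict) -> str:
    """Weak pattern: believes the first X-Forwarded-For entry from any sender."""
    xff = headers.get("x-forwarded-for")
    return xff.split(",")[0].strip() if xff else peer_ip


def resolve_client_ip(peer_ip: str, headers: dict) -> str:
    """Hardened: use X-Forwarded-For only when the TCP peer is a trusted proxy,
    then walk the chain right to left and return the first hop that is not one
    of our proxies. A malformed entry falls back to the peer address."""
    xff = headers.get("x-forwarded-for")
    if not xff or not _is_trusted_proxy(peer_ip):
        return peer_ip
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # unparseable hop: trust none of the chain
        if not _is_trusted_proxy(hop):
            return hop
    return peer_ip  # every hop was one of our proxies


# Constructed requests: (TCP peer address, headers with lowercase keys)
DIRECT_SPOOF = ("203.0.113.50", {"x-forwarded-for": "10.1.2.3"})
VIA_PROXY_SPOOF = ("10.0.0.5", {"x-forwarded-for": "192.168.1.1, 203.0.113.50"})

if __name__ == "__main__":
    for peer, hdrs in (DIRECT_SPOOF, VIA_PROXY_SPOOF):
        print(peer, hdrs, "naive:", naive_client_ip(peer, hdrs),
              "hardened:", resolve_client_ip(peer, hdrs))
```

Allowlists, rate limits and log records should take the value from `resolve_client_ip`, so a client-supplied header entry never stands in for the address the proxy actually observed.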

Affected Version(s)
fastapi-guard < 2.0.0
