HTTP Agent Bypass Vulnerability in Request-Filtering-Agent by Azure
CVE-2025-57814

5.5MEDIUM

Key Information:

Vendor: Azu
Status: Request-filtering-agent
Vendor: CVE Published:; 25 August 2025

What is CVE-2025-57814?

The request-filtering-agent, commonly utilized to block requests to Private and Reserved IP addresses, exhibits a vulnerability in its implementation that affects versions 1.x.x and earlier. This vulnerability enables attackers to send HTTPS requests to the localhost IP address (127.0.0.1), effectively bypassing the intended IP address filtering mechanism. While the HTTP requests are correctly blocked, the failure to filter HTTPS can expose sensitive internal services running on the same machine, particularly when the application allows user-controlled URLs. This scenario poses significant risks, especially in environments where internal services rely solely on network-level security. It is crucial for users of the affected library to upgrade to version 2.0.0 or later to mitigate this risk.

Affected Version(s)

request-filtering-agent < 2.0.0

References

https://github.com/azu/request-filtering-agent/security/a...

x_refsource_CONFIRM

https://github.com/azu/request-filtering-agent-https127-test

x_refsource_MISC

CVSS V4

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2025
Vulnerability Reserved
Aug 20, 2025