HTTP Agent Bypass Vulnerability in Request-Filtering-Agent by Azure
CVE-2025-57814

5.5MEDIUM

Key Information:

Vendor: Azu
Status: Request-filtering-agent
Vendor: CVE Published:; 25 August 2025

What is CVE-2025-57814?

The request-filtering-agent, commonly utilized to block requests to Private and Reserved IP addresses, exhibits a vulnerability in its implementation that affects versions 1.x.x and earlier. This vulnerability enables attackers to send HTTPS requests to the localhost IP address (127.0.0.1), effectively bypassing the intended IP address filtering mechanism. While the HTTP requests are correctly blocked, the failure to filter HTTPS can expose sensitive internal services running on the same machine, particularly when the application allows user-controlled URLs. This scenario poses significant risks, especially in environments where internal services rely solely on network-level security. It is crucial for users of the affected library to upgrade to version 2.0.0 or later to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

request-filtering-agent < 2.0.0

References

https://github.com/azu/request-filtering-agent/security/a...

x_refsource_CONFIRM

https://github.com/azu/request-filtering-agent-https127-test

x_refsource_MISC

CVSS V4

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Aug 25, 2025
Vulnerability Reserved
Aug 20, 2025

JSON

Azu

What is CVE-2025-57814?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.