{
  "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56603?format=json",
  "vulnerability_id": "VCID-957h-4a8b-67dy",
  "summary": "Mitmweb API Authentication Bypass Using Proxy Server\nIn mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to access mitmweb's internal API (bound to `127.0.0.1:8081` by default). In other words, while the client cannot access the API directly (good), they can access the API through the proxy (bad). An attacker may be able to escalate this [SSRF](https://en.wikipedia.org/wiki/Server-side_request_forgery)-style access to remote code execution.\n\nThe mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. The `block_global` option, which is enabled by default, blocks connections originating from publicly-routable IP addresses in the proxy. The attacker needs to be in the same local network.",
  "aliases": [
    {"alias": "CVE-2025-23217"},
    {"alias": "GHSA-wg33-5h85-7q5p"}
  ],
  "fixed_packages": [
    {
      "url": "http://public2.vulnerablecode.io/api/packages/196255?format=json",
      "purl": "pkg:deb/debian/mitmproxy@8.1.1-4",
      "is_vulnerable": false,
      "affected_by_vulnerabilities": [],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mitmproxy@8.1.1-4"
    },
    {
      "url": "http://public2.vulnerablecode.io/api/packages/116418?format=json",
      "purl": "pkg:deb/debian/mitmproxy@8.1.1-4?distro=sid",
      "is_vulnerable": false,
      "affected_by_vulnerabilities": [],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mitmproxy@8.1.1-4%3Fdistro=sid"
    },
    {
      "url": "http://public2.vulnerablecode.io/api/packages/49576?format=json",
      "purl": "pkg:pypi/mitmproxy@11.1.2",
      "is_vulnerable": true,
      "affected_by_vulnerabilities": [{"vulnerability": "VCID-qgvt-wb92-9kbw"}],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mitmproxy@11.1.2"
    }
  ],
  "affected_packages": [
    {
      "url": "http://public2.vulnerablecode.io/api/packages/116417?format=json",
      "purl": "pkg:deb/debian/mitmproxy@6.0.2-1?distro=sid",
      "is_vulnerable": true,
      "affected_by_vulnerabilities": [
        {"vulnerability": "VCID-8xbk-3z3r-nkfh"},
        {"vulnerability": "VCID-957h-4a8b-67dy"},
        {"vulnerability": "VCID-f126-n8nd-jfgs"}
      ],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mitmproxy@6.0.2-1%3Fdistro=sid"
    },
    {
      "url": "http://public2.vulnerablecode.io/api/packages/195760?format=json",
      "purl": "pkg:deb/debian/mitmproxy@6.0.2-1",
      "is_vulnerable": true,
      "affected_by_vulnerabilities": [
        {"vulnerability": "VCID-8xbk-3z3r-nkfh"},
        {"vulnerability": "VCID-957h-4a8b-67dy"},
        {"vulnerability": "VCID-f126-n8nd-jfgs"}
      ],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mitmproxy@6.0.2-1"
    },
    {
      "url": "http://public2.vulnerablecode.io/api/packages/116415?format=json",
      "purl": "pkg:deb/debian/mitmproxy@8.1.1-2?distro=sid",
      "is_vulnerable": true,
      "affected_by_vulnerabilities": [{"vulnerability": "VCID-957h-4a8b-67dy"}],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mitmproxy@8.1.1-2%3Fdistro=sid"
    },
    {
      "url": "http://public2.vulnerablecode.io/api/packages/195761?format=json",
      "purl": "pkg:deb/debian/mitmproxy@8.1.1-2",
      "is_vulnerable": true,
      "affected_by_vulnerabilities": [{"vulnerability": "VCID-957h-4a8b-67dy"}],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mitmproxy@8.1.1-2"
    }
  ],
  "references": [
    {
      "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23217",
      "reference_id": "",
      "reference_type": "",
      "scores": [
        {"value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.87971", "published_at": "2026-06-05T12:55:00Z"}
      ],
      "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23217"
    },
    {
      "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23217",
      "reference_id": "",
      "reference_type": "",
      "scores": [],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23217"
    },
    {
      "reference_url": "https://en.wikipedia.org/wiki/Server-side_request_forgery",
      "reference_id": "",
      "reference_type": "",
      "scores": [
        {"value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},
        {"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": ""},
        {"value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T19:15:53Z/"}
      ],
      "url": "https://en.wikipedia.org/wiki/Server-side_request_forgery"
    },
    {
      "reference_url": "https://github.com/mitmproxy/mitmproxy",
      "reference_id": "",
      "reference_type": "",
      "scores": [
        {"value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},
        {"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": ""}
      ],
      "url": "https://github.com/mitmproxy/mitmproxy"
    },
    {
      "reference_url": "https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md",
      "reference_id": "",
      "reference_type": "",
      "scores": [
        {"value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},
        {"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": ""}
      ],
      "url": "https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md"
    },
    {
      "reference_url": "https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md#06-february-2025-mitmproxy-1112",
      "reference_id": "",
      "reference_type": "",
      "scores": [
        {"value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},
        {"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": ""},
        {"value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T19:15:53Z/"}
      ],
      "url": "https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md#06-february-2025-mitmproxy-1112"
    },
    {
      "reference_url": "https://github.com/mitmproxy/mitmproxy/commit/fa89055e196d953f11fd241e36ee37858993486a",
      "reference_id": "",
      "reference_type": "",
      "scores": [
        {"value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},
        {"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": ""}
      ],
      "url": "https://github.com/mitmproxy/mitmproxy/commit/fa89055e196d953f11fd241e36ee37858993486a"
    },
    {
      "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103701",
      "reference_id": "1103701",
      "reference_type": "",
      "scores": [],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103701"
    },
    {
      "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23217",
      "reference_id": "CVE-2025-23217",
      "reference_type": "",
      "scores": [
        {"value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},
        {"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": ""}
      ],
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23217"
    },
    {
      "reference_url": "https://github.com/advisories/GHSA-wg33-5h85-7q5p",
      "reference_id": "GHSA-wg33-5h85-7q5p",
      "reference_type": "",
      "scores": [],
      "url": "https://github.com/advisories/GHSA-wg33-5h85-7q5p"
    },
    {
      "reference_url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p",
      "reference_id": "GHSA-wg33-5h85-7q5p",
      "reference_type": "",
      "scores": [
        {"value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},
        {"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": ""},
        {"value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T19:15:53Z/"}
      ],
      "url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p"
    }
  ],
  "weaknesses": [
    {
      "cwe_id": 288,
      "name": "Authentication Bypass Using an Alternate Path or Channel",
      "description": "A product requires authentication, but the product has an alternate path or channel that does not require authentication."
    },
    {
      "cwe_id": 441,
      "name": "Unintended Proxy or Intermediary ('Confused Deputy')",
      "description": "The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor."
    },
    {
      "cwe_id": 937,
      "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
      "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
    },
    {
      "cwe_id": 1035,
      "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
      "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
    }
  ],
  "exploits": [],
  "severity_range_score": "7.0 - 8.9",
  "exploitability": "0.5",
  "weighted_severity": "8.0",
  "risk_score": 4.0,
  "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-957h-4a8b-67dy"
}