CVE-2025-23217 : Détail

CVE-2025-23217

8.2
/
Haute
A07-Identif. and Authent. FailA01-Broken Access Control
0.05%V3
Network
2025-02-06
17h32 +00:00
2025-02-12
19h51 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Mitmweb API Authentication Bypass Using Proxy Server

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to access mitmweb's internal API (bound to `127.0.0.1:8081` by default). In other words, while the cannot access the API directly, they can access the API through the proxy. An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. This vulnerability has been fixed in mitmproxy 11.1.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V4.0 8.2 HIGH CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Base: Exploitabilty Metrics

The Exploitability metrics reflect the characteristics of the “thing that is vulnerable”, which we refer to formally as the vulnerable system.

Attack Vector

This metric reflects the context by which vulnerability exploitation is possible.

Network

The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers).

Attack Complexity

This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit.

Low

The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.

Attack Requirements

This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.

Present

The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack. These include: A race condition must be won to successfully exploit the vulnerability. The successfulness of the attack is conditioned on execution conditions that are not under full control of the attacker. The attack may need to be launched multiple times against a single target before being successful. Network injection. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim (e.g. vulnerabilities requiring an on-path attacker).

Privileges Required

This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability.

None

The attacker is unauthenticated prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.

User Interaction

This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system.

None

The vulnerable system can be exploited without interaction from any human user, other than the attacker. Examples include: a remote attacker is able to send packets to a target system a locally authenticated attacker executes code to elevate privileges

Base: Impact Metrics

The Impact metrics capture the effects of a successfully exploited vulnerability. Analysts should constrain impacts to a reasonable, final outcome which they are confident an attacker is able to achieve.

Confidentiality Impact

This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability.

High

There is a total loss of confidentiality, resulting in all information within the Vulnerable System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server.

Integrity Impact

This metric measures the impact to integrity of a successfully exploited vulnerability.

None

There is no loss of integrity within the Vulnerable System.

Availability Impact

This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.

None

There is no impact to availability within the Vulnerable System.

Sub Confidentiality Impact

Negligible

There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System.

Sub Integrity Impact

None

There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System.

Sub Availability Impact

None

There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System.

Threat Metrics

The Threat metrics measure the current state of exploit techniques or code availability for a vulnerability.

Environmental Metrics

These metrics enable the consumer analyst to customize the resulting score depending on the importance of the affected IT asset to a user’s organization, measured in terms of complementary/alternative security controls in place, Confidentiality, Integrity, and Availability. The metrics are the modified equivalent of Base metrics and are assigned values based on the system placement within organizational infrastructure.

Supplemental Metrics

Supplemental metric group provides new metrics that describe and measure additional extrinsic attributes of a vulnerability. While the assessment of Supplemental metrics is provisioned by the provider, the usage and response plan of each metric within the Supplemental metric group is determined by the consumer.

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Références