CVE-2025-6504 – HDP Server IP Spoofing Via X-Forwarded-For Header

July 29, 2025

CVE ID : CVE-2025-6504

Published : July 29, 2025, 1:15 p.m. | 10 hours, 44 minutes ago

Description : In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.

Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range.

This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6505 – Progress Software’s Hybrid Data Pipeline Server OAuth Client Impersonation and Unauthorized Access Vulnerability

Next Article CVE-2025-7689 – Hydra Booking WordPress Privilege Escalation

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-6504 – HDP Server IP Spoofing Via X-Forwarded-For Header

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

Rilasciata CachyOS Maggio 2025: Miglioramenti per GPU NVIDIA e Novità per il Gaming

Vanillin Market Benefits from Clean Label and Natural Ingredient Trends

CVE-2025-20988 – Qualcomm Fingerprint Trustlet OOB Read Vulnerability

CVE-2025-5424 – Juzaweb CMS Remote File Access Control Vulnerability

Microsoft AI system diagnoses complex cases better than human doctors – and for less money

CVE-2025-52556 – “rfc3161-client TSA Signature Validation Bypass”

CVE-2025-5894 – Honding Technology Smart Parking Management System Missing Authorization Privilege Escalation Vulnerability

Nuove funzionalità nei desktop Atomic di Fedora 42: GNOME 48, KDE Plasma 6.3, COSMIC e composefs

CVE-2025-6504 – HDP Server IP Spoofing Via X-Forwarded-For Header

Related Posts