CVE-2025-6504 – HDP Server IP Spoofing Via X-Forwarded-For Header

July 29, 2025

CVE ID : CVE-2025-6504

Published : July 29, 2025, 1:15 p.m. | 10 hours, 44 minutes ago

Description : In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.

Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range.

This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6505 – Progress Software’s Hybrid Data Pipeline Server OAuth Client Impersonation and Unauthorized Access Vulnerability

Next Article CVE-2025-7689 – Hydra Booking WordPress Privilege Escalation

Highlights

CVE-2025-58159 – WeGIA Web Manager Remote Code Execution Vulnerability

August 29, 2025

CVE ID : CVE-2025-58159

Published : Aug. 29, 2025, 11:15 p.m. | 3 hours, 54 minutes ago

Description : WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

CVE-2025-6504 – HDP Server IP Spoofing Via X-Forwarded-For Header

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Genie 3: A new frontier for world models

Fortifying Ubuntu’s Root with sudo‑rs: How Rust Reinforces Privilege Escalation

Defending against Prompt Injection with Structured Queries (StruQ) and Preference Optimization (SecAlign)

Learn to Build a Multilayer Perceptron with Real-Life Examples and Python Code

CVE-2025-58159 – WeGIA Web Manager Remote Code Execution Vulnerability

Orbital Mechanics (or How I Optimized a CSS Keyframes Animation)

LockBit ransomware gang hacked, victim negotiations exposed

I went to KubeCon London thinking it had peaked, but I was so wrong. Here’s why

CVE-2025-6504 – HDP Server IP Spoofing Via X-Forwarded-For Header

Related Posts