CVE-2025-57814 – Apache Request-Filtering-Agent SSRF Bypass

August 25, 2025

CVE ID : CVE-2025-57814

Published : Aug. 25, 2025, 10:15 p.m. | 3 hours, 41 minutes ago

Description : request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to potentially access internal HTTPS services running on localhost, bypassing the library’s SSRF protection. The vulnerability is particularly dangerous when the application accepts user-controlled URLs and internal services are only protected by network-level restrictions. This vulnerability has been fixed in request-filtering-agent version 2.0.0. Users should upgrade to version 2.0.0 or later.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9421 – iSourcecode Apartment Management System SQL Injection Vulnerability

Next Article CVE-2025-9420 – iSourcecode Apartment Management System SQL Injection Vulnerability

Highlights

CVE-2025-43488 – Poly Clariti Manager XSS Bypass

July 22, 2025

CVE ID : CVE-2025-43488

Published : July 23, 2025, 12:15 a.m. | 21 minutes ago

Description : A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application’s XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Optimizing PWAs For Different Display Modes

Node.js Web App Development Costs: A 2025 Executive Pricing Guide

Google locking down Android security with upcoming developer verification requirements for sideloaded apps

Microsoft donates DocumentDB to the Linux Foundation

Rediscovering joy in learning: Jason Lengstorf on the state of development

Representative Line: Not What They Meant By Watching “AndOr”

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

Exploring the Future of React Native: Upcoming Features, and AI Integrations

Exploring the Future of React Native: Upcoming Features, and AI Integrations

Automating Azure Key Vault Secret and Certificate Expiry Monitoring with Azure Function App

Implementing Hybrid Search in Azure Cosmos DB: Combining Vectors and Keywords

Using Nightlight in Hyprland

Using Nightlight in Hyprland

GitHub Copilot for Azure Debuts in Visual Studio 2022

How to Enable HDR in Stalker 2 Step by Step

CVE-2025-57814 – Apache Request-Filtering-Agent SSRF Bypass

Yemen Cyber Army hacker jailed after stealing millions of people’s data

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

Microsoft Promotes Edge’s Features in a New Comparison Banner When You Search for Chrome on Bing

Repeating Image Transition

Decoding The SVG path Element: Curve And Arc Commands

Sense: ParrotCTF

CVE-2025-43488 – Poly Clariti Manager XSS Bypass

Rilasciata BleachBit 5.0: la nuova versione del software open source per la pulizia di sistema su GNU/Linux

Your Brother printer might have a critical security flaw – how to check and what to do next

Agent mode 101: All about GitHub Copilot’s powerful mode

CVE-2025-57814 – Apache Request-Filtering-Agent SSRF Bypass

Related Posts