Source: mitmproxy
X-Debbugs-CC:
[email protected]
Severity: grave
Tags: security
Hi,
The following vulnerability was published for mitmproxy.
CVE-2025-23217[0]:
| mitmproxy is a interactive TLS-capable intercepting HTTP proxy for
| penetration testers and software developers and mitmweb is a web-
| based interface for mitmproxy. In mitmweb 11.1.1 and below, a
| malicious client can use mitmweb's proxy server (bound to `*:8080`
| by default) to access mitmweb's internal API (bound to
| `127.0.0.1:8081` by default). In other words, while the cannot
| access the API directly, they can access the API through the proxy.
| An attacker may be able to escalate this SSRF-style access to remote
| code execution. The mitmproxy and mitmdump tools are unaffected.
| Only mitmweb is affected. This vulnerability has been fixed in
| mitmproxy 11.1.2 and above. Users are advised to upgrade. There are
| no known workarounds for this vulnerability.
https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0]
https://security-tracker.debian.org/tracker/CVE-2025-23217
https://www.cve.org/CVERecord?id=CVE-2025-23217
Please adjust the affected versions in the BTS as needed.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)