CVE-2025-65328 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy cha…
Medium CVSS: 6.5

CVE-2025-65328

Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). Deployments that rely on this value for IP allowlists may be bypassed.
Vendor
Mega-fence Project
Product
Mega-fence
CWE
CWE-807
Yayın Tarihi
2026-01-05 16:15:42
Güncelleme
2026-01-30 01:35:38
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-807 Mega-fence MEDIUM Mega-fence Project 2026

Referanslar

https://drive.proton.me/urls/MY05PVBFXG#xDd2Xqy98WM9 https://raw.githubusercontent.com/p1aintext/CVE/main/CVE-2025-65328.md