CVE-2025-54365
BaseFortify

Publication date: 2025-07-23

Last updated on: 2025-10-09

Assigner: GitHub, Inc.

Description
fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression that was patched to mitigate the ReDoS vulnerability by limiting the length of the matched string fails to catch inputs that exceed this limit. This type of patch fails to detect cases in which the string representing the attributes of a <script> tag exceeds 100 characters. As a result, most of the regex patterns present in version 3.0.1 can be bypassed. This is fixed in version 3.0.2.
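As an added example (not code from this page or from fastapi-guard; the two regexes are assumed stand-ins for the length-capped 3.0.1 rule and for a hardened form), this shows why capping a quantifier to stop ReDoS silently narrows what the rule detects, and how a pattern with no nested quantifiers avoids the backtracking without the cap:

```python
import re

# Both patterns are illustrative stand-ins written for this example; they are
# not the regexes shipped in fastapi-guard 3.0.1 or 3.0.2.
# Style of the 3.0.1 mitigation: the attribute section after "<script" is
# capped at 100 characters to bound backtracking. The cap also bounds what the
# rule can see, so a longer attribute string is simply never matched.
BOUNDED_SCRIPT_TAG = re.compile(r"<script[^>]{0,100}>", re.IGNORECASE)

# Hardened form: no length cap. [^>]* cannot run past the closing '>' and the
# pattern has no nested or overlapping quantifiers, so there is no
# exponential backtracking regardless of attribute length.
UNBOUNDED_SCRIPT_TAG = re.compile(r"<script\b[^>]*>", re.IGNORECASE)


def script_tag_attr_payload(attr_len: int) -> str:
    """Constructed sample: a <script> tag whose attributes are attr_len chars
    of padding (plus the separating space)."""
    return "<script " + "x" * attr_len + ">alert(1)</script>"


def flagged_by(text: str) -> dict:
    """Report which of the two rules flags the input."""
    return {
        "bounded": BOUNDED_SCRIPT_TAG.search(text) is not None,
        "unbounded": UNBOUNDED_SCRIPT_TAG.search(text) is not None,
    }


def detection_gap(max_attr_len: int = 200, step: int = 10) -> list:
    """Attribute lengths at which the capped rule misses a tag the hardened
    rule still catches, so a rule author can measure what the cap hides."""
    return [
        n
        for n in range(0, max_attr_len + 1, step)
        if flagged_by(script_tag_attr_payload(n)) == {"bounded": False, "unbounded": True}
    ]


if __name__ == "__main__":
    for n in (50, 99, 100, 150):
        print(f"attr_len={n}: {flagged_by(script_tag_attr_payload(n))}")
    print("missed attribute lengths:", detection_gap())
```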
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-07-24
EPSS Evaluated: 2026-05-05
External reference: NVD
Affected Vendors & Products (1 associated CPE)
Vendor: fastapi-guard
Product: fastapi_guard
Version / Range: 3.0.1
CWE ID and Description
CWE-1333: The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
CWE-185: The product specifies a regular expression in a way that causes data to be improperly matched or compared.
CWE-20: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in fastapi-guard version 3.0.1 involves a flawed regular expression patch intended to mitigate a Regular Expression Denial of Service (ReDoS) attack by limiting the length of input strings. However, this patch fails to detect inputs where the string representing the attributes of a <script> tag exceeds 100 characters. Consequently, most regex patterns designed to catch malicious inputs can be bypassed, allowing potentially harmful inputs to go undetected. This issue is fixed in version 3.0.2.

How can this vulnerability impact me?

This vulnerability can allow attackers to bypass security controls in fastapi-guard that rely on regular expressions to detect malicious inputs, such as those attempting cross-site scripting (XSS) via <script> tags. By evading detection, attackers might execute unauthorized scripts or penetrate the application, potentially leading to data breaches, service disruption, or other security incidents.

What immediate steps should I take to mitigate this vulnerability?

Upgrade fastapi-guard to version 3.0.2 or later, as this version contains the fix for the vulnerability where regex patterns can be bypassed due to improper length checks on <script> tag attributes.