CVE-2025-66577
CVSS score: Not provided
BaseFortify

Publication date: 2025-12-05

Last updated on: 2025-12-11

Assigner: GitHub, Inc.

Description
cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.27.0, the get_client_ip() helper in docker/main.cc accepts X-Forwarded-For and X-Real-IP headers unconditionally, so attacker-controlled headers influence server-visible client metadata, logging, and any authorization decision keyed on the client address. The access and error logs (nginx_access_logger / nginx_error_logger) then record the spoofed client IP (log poisoning / audit evasion). This vulnerability is fixed in 0.27.0.
Meta Information
Generated: 2026-06-16
AI Q&A generated: 2025-12-05
EPSS evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE

Vendor    Product       Version / Range
yhirose   cpp-httplib   all versions before 0.27.0 (0.27.0 excluded)
CWE ID   Description
CWE-807  Reliance on Untrusted Inputs in a Security Decision: The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
CWE-117  Improper Output Neutralization for Logs: The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
Executive Summary

Before version 0.27.0, the get_client_ip() helper in cpp-httplib's docker/main.cc accepts X-Forwarded-For and X-Real-IP headers from any client without checking that the request arrived through a trusted proxy. A remote attacker therefore chooses the client address the server records in its access and error logs and uses for any address-based authorization, enabling log poisoning and audit evasion. Because the affected function lives in docker/main.cc rather than in the single header that makes up the library itself, deployments should check whether they actually run that server program.

Mitigation Strategies

Upgrade cpp-httplib to version 0.27.0 or later, where this vulnerability is fixed. As general hardening, a server that must honour X-Forwarded-For or X-Real-IP should do so only when the TCP peer is a known reverse proxy, should fall back to the socket peer address otherwise, and should reject header values that are not well-formed IP addresses before writing them to a log.

Impact Analysis

Attackers can choose the client IP address that appears in the server's access and error logs, producing misleading or corrupted log data and, where the application keys allow-lists, rate limits or other authorization decisions on the client address, bypassing those controls. Poisoned logs hinder accurate tracking of user activity, complicate incident response, and let an attacker evade detection or attribute activity to an innocent address.

Compliance Impact

This vulnerability compromises the integrity and non-repudiation of audit trails by allowing log poisoning through spoofed client IP addresses. As a result, it can facilitate audit evasion and complicate forensic investigations, which negatively impacts compliance with standards and regulations such as GDPR and HIPAA that require accurate logging and reliable audit trails for security and accountability. [1]

Detection Guidance

Test an affected server (cpp-httplib before 0.27.0) by sending requests with spoofed `X-Forwarded-For` or `X-Real-IP` headers and then checking whether the access and error logs record the spoofed address instead of the real TCP peer:

    curl -H "X-Forwarded-For: 1.2.3.4" http://<server-address>/
    curl -H "X-Real-IP: 5.6.7.8" http://<server-address>/

Inspect the server's nginx-style access and error logs for entries whose client field is 1.2.3.4 or 5.6.7.8. If those values appear in place of the address you connected from, the vulnerable get_client_ip() is trusting the headers unconditionally and the log is being poisoned. Two caveats: run the test from a host whose real address you know, so the comparison is unambiguous; and if a legitimate reverse proxy sits in front of the server, it will normally append its own view of the peer to X-Forwarded-For rather than replace your value, so check which address the log actually reports as the client rather than merely whether the injected string is present. [1]
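The mechanism the description and the detection guidance above rely on, as an added example that is not cpp-httplib's code: a self-contained C++ model of client-IP resolution with the vulnerable pattern beside a hardened one, plus an nginx-style access log line so the poisoned field is visible. The function names, the trusted-proxy address 10.0.0.2, the peer 203.0.113.7 and the request headers are assumptions constructed for the example; which X-Forwarded-For entry the original docker/main.cc used is not stated on the page and is modelled here as the leftmost.

```cpp
// Added example, not cpp-httplib's code: a minimal model of the client-IP
// resolution CVE-2025-66577 describes, with the vulnerable pattern beside a
// hardened one. Header names are real; the functions, the trusted-proxy set
// and the sample request are constructed for illustration.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

using Headers = std::map<std::string, std::string>;  // request headers as the server sees them

static std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t");
    if (b == std::string::npos) return "";
    size_t e = s.find_last_not_of(" \t");
    return s.substr(b, e - b + 1);
}

// Split a comma-separated header value (X-Forwarded-For lists one hop per entry).
static std::vector<std::string> split_csv(const std::string& v) {
    std::vector<std::string> out;
    size_t start = 0;
    while (true) {
        size_t comma = v.find(',', start);
        std::string item = trim(comma == std::string::npos ? v.substr(start)
                                                           : v.substr(start, comma - start));
        if (!item.empty()) out.push_back(item);
        if (comma == std::string::npos) break;
        start = comma + 1;
    }
    return out;
}

// Accept only characters that can occur in an IPv4/IPv6 literal, so a header
// carrying spaces, quotes or newlines can never reach the log (CWE-117).
static bool looks_like_ip(const std::string& s) {
    return !s.empty() && s.size() <= 45 &&
           std::all_of(s.begin(), s.end(), [](unsigned char c) {
               return std::isxdigit(c) || c == '.' || c == ':';
           });
}

// Vulnerable pattern (CWE-807): whatever the client sends is believed. The
// leftmost X-Forwarded-For hop is taken here; which entry the original code
// used is an assumption. The point is that no trust check happens at all.
std::string get_client_ip_vulnerable(const Headers& h, const std::string& peer_addr) {
    auto xff = h.find("X-Forwarded-For");
    if (xff != h.end()) {
        auto hops = split_csv(xff->second);
        if (!hops.empty()) return hops.front();
    }
    auto xri = h.find("X-Real-IP");
    if (xri != h.end() && !trim(xri->second).empty()) return trim(xri->second);
    return peer_addr;
}

// Hardened pattern: forwarding headers count only when the TCP peer is a
// configured trusted proxy. X-Forwarded-For is walked from the right, skipping
// our own proxies; the first other hop is the client. Anything malformed, or any
// request from an untrusted peer, falls back to the socket peer address.
std::string get_client_ip_hardened(const Headers& h, const std::string& peer_addr,
                                   const std::set<std::string>& trusted_proxies) {
    if (!trusted_proxies.count(peer_addr)) return peer_addr;
    auto xff = h.find("X-Forwarded-For");
    if (xff != h.end()) {
        auto hops = split_csv(xff->second);
        for (auto it = hops.rbegin(); it != hops.rend(); ++it)
            if (!trusted_proxies.count(*it)) return looks_like_ip(*it) ? *it : peer_addr;
    }
    auto xri = h.find("X-Real-IP");
    if (xri != h.end() && looks_like_ip(trim(xri->second))) return trim(xri->second);
    return peer_addr;
}

// Access log line modelled on nginx's combined format (the shape the name
// nginx_access_logger suggests); the client address is the first field, which
// is what gets poisoned. The timestamp is a fixed value for the example.
std::string access_log_line(const std::string& client_ip, const std::string& method,
                            const std::string& path, int status) {
    return client_ip + " - - [01/Dec/2025:00:00:00 +0000] \"" + method + " " + path +
           " HTTP/1.1\" " + std::to_string(status) + " 0";
}

int main() {
    const std::set<std::string> trusted{"10.0.0.2"};       // assumed reverse-proxy address
    const Headers spoofed{{"X-Forwarded-For", "1.2.3.4"}};  // constructed request, as in the curl test
    const std::string peer = "203.0.113.7";                 // constructed TCP peer (the real sender)
    std::cout << "vulnerable: " << access_log_line(get_client_ip_vulnerable(spoofed, peer), "GET", "/", 200) << "\n";
    std::cout << "hardened:   " << access_log_line(get_client_ip_hardened(spoofed, peer, trusted), "GET", "/", 200) << "\n";
    return 0;
}
```

Compile with any C++11 compiler and run: the vulnerable line logs 1.2.3.4, the value the curl test injects, while the hardened line logs 203.0.113.7, the address the connection actually came from. The same hardened resolver is what an allow-list or rate limiter should consume, so that the authorization decisions the description mentions cannot be steered by a header either.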
