CVE-2025-66577
BaseFortify

Publication date: 2025-12-05

Last updated on: 2025-12-11

Assigner: GitHub, Inc.

Description
cpp-httplib is a C++11 single-file, header-only, cross-platform HTTP/HTTPS library. Prior to version 0.27.0, attacker-controlled HTTP headers can influence server-visible client metadata, logging, and any authorization decision built on that metadata. The get_client_ip() function in docker/main.cc accepts X-Forwarded-For and X-Real-IP headers unconditionally, without checking whether the request arrived through a trusted proxy, so the access and error logs (nginx_access_logger / nginx_error_logger) record whatever client IP the requester chooses to supply (log poisoning / audit evasion). This vulnerability is fixed in 0.27.0.
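An added example of the pattern the description names, beside a hardened form. This is illustrative code written for this page, not cpp-httplib's own code and not the actual docker/main.cc; the Request struct, the trusted-proxy allow-list, the function names and the log-line format are assumptions. The vulnerable resolver believes X-Forwarded-For / X-Real-IP from any peer (the CWE-807 point). The hardened one consults X-Forwarded-For only when the TCP peer is a proxy we operate, takes the rightmost hop that is not one of our proxies, validates it as an IP literal, and neutralises control bytes before anything else from the request reaches a log line (the CWE-117 point).

```cpp
// Added example (not cpp-httplib's code): the header-trust bug beside a hardened resolver.
#include <cctype>
#include <map>
#include <set>
#include <string>
#include <vector>

using Headers = std::map<std::string, std::string>;

// Constructed request: the peer address the socket reports plus the
// (attacker-controlled) request headers.
struct Request {
    std::string remote_addr;
    Headers headers;
};

static std::string header(const Request &req, const std::string &key) {
    auto it = req.headers.find(key);
    return it == req.headers.end() ? std::string() : it->second;
}

static std::string trim(const std::string &s) {
    size_t b = 0, e = s.size();
    while (b < e && std::isspace(static_cast<unsigned char>(s[b]))) ++b;
    while (e > b && std::isspace(static_cast<unsigned char>(s[e - 1]))) --e;
    return s.substr(b, e - b);
}

// Split a comma-separated X-Forwarded-For value into its hops, left to right.
static std::vector<std::string> split_hops(const std::string &xff) {
    std::vector<std::string> hops;
    for (size_t start = 0; start <= xff.size();) {
        size_t comma = xff.find(',', start);
        if (comma == std::string::npos) comma = xff.size();
        std::string hop = trim(xff.substr(start, comma - start));
        if (!hop.empty()) hops.push_back(hop);
        start = comma + 1;
    }
    return hops;
}

// Vulnerable pattern (CWE-807): the forwarding headers are believed no matter
// who the TCP peer is, so the requester decides what the logs record.
std::string get_client_ip_vulnerable(const Request &req) {
    std::vector<std::string> hops = split_hops(header(req, "X-Forwarded-For"));
    if (!hops.empty()) return hops.front();
    std::string xri = trim(header(req, "X-Real-IP"));
    if (!xri.empty()) return xri;
    return req.remote_addr;
}

// Strict dotted-quad check (IPv6 deliberately out of scope here). Anything
// else is rejected so a header value is never copied into the log verbatim.
bool is_ipv4_literal(const std::string &s) {
    int octets = 0;
    for (size_t i = 0; i < s.size();) {
        size_t start = i;
        int value = 0;
        while (i < s.size() && std::isdigit(static_cast<unsigned char>(s[i]))) {
            value = value * 10 + (s[i] - '0');
            if (value > 255) return false;
            ++i;
        }
        size_t len = i - start;
        if (len == 0 || len > 3 || (len > 1 && s[start] == '0')) return false;
        if (++octets > 4) return false;
        if (i < s.size() && (s[i++] != '.' || i == s.size())) return false;
    }
    return octets == 4;
}

// Hardened: consult X-Forwarded-For only when the TCP peer is a proxy we run
// (assumed allow-list) and take the rightmost hop that is not one of our own
// proxies, i.e. the address our proxy observed. Everything else falls back to
// the socket address.
std::string get_client_ip_hardened(const Request &req,
                                   const std::set<std::string> &trusted_proxies) {
    if (!trusted_proxies.count(req.remote_addr)) return req.remote_addr;
    std::vector<std::string> hops = split_hops(header(req, "X-Forwarded-For"));
    for (auto it = hops.rbegin(); it != hops.rend(); ++it) {
        if (trusted_proxies.count(*it)) continue;
        return is_ipv4_literal(*it) ? *it : req.remote_addr;
    }
    return req.remote_addr;
}

// CWE-117 guard for any other request data that reaches a log line: neutralise
// CR, LF and other control bytes so one request cannot forge a second entry.
std::string sanitize_for_log(const std::string &s) {
    std::string out;
    for (unsigned char c : s) out.push_back((c < 0x20 || c == 0x7f) ? '?' : char(c));
    return out;
}

// Access-log line in an nginx-like shape (format and timestamp chosen for this
// example): client IP from the hardened resolver, request line sanitised.
std::string access_log_line(const Request &req, const std::string &request_line,
                            const std::set<std::string> &trusted_proxies) {
    return get_client_ip_hardened(req, trusted_proxies) +
           " - - [01/Jan/2025:00:00:00 +0000] \"" + sanitize_for_log(request_line) + "\"";
}
```

On a direct connection from 203.0.113.9 carrying `X-Forwarded-For: 1.2.3.4`, get_client_ip_vulnerable returns 1.2.3.4 and that is what the log records; get_client_ip_hardened returns 203.0.113.9 for the same request. When the same header arrives via the listed proxy 10.0.0.2 with the proxy's own observation appended (`1.2.3.4, 198.51.100.7`), the hardened resolver returns 198.51.100.7, and a value such as `evil\r\n1.2.3.4 - - [fake]` is rejected in favour of the socket address instead of being written into the log.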
Affected Vendors & Products
Vendor: yhirose
Product: cpp-httplib
Version / Range: all versions before 0.27.0 (0.27.0 excluded)
CWE
CWE-117: The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
CWE-807: The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in cpp-httplib prior to version 0.27.0 allows an attacker to supply HTTP headers like X-Forwarded-For or X-Real-IP that are accepted unconditionally by the get_client_ip() function. This causes the server to record spoofed client IP addresses in access and error logs, leading to log poisoning and audit evasion.


What immediate steps should I take to mitigate this vulnerability?

Upgrade cpp-httplib to version 0.27.0 or later, where this vulnerability is fixed.


How can this vulnerability impact me?

The vulnerability can impact you by allowing attackers to spoof client IP addresses in server logs, which can lead to misleading or corrupted log data. This can hinder accurate tracking of user activity, complicate incident response, and allow attackers to evade detection or auditing mechanisms.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability compromises the integrity and non-repudiation of audit trails by allowing log poisoning through spoofed client IP addresses. As a result, it can facilitate audit evasion and complicate forensic investigations, which negatively impacts compliance with standards and regulations such as GDPR and HIPAA that require accurate logging and reliable audit trails for security and accountability. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending HTTP requests with spoofed `X-Forwarded-For` or `X-Real-IP` headers to the affected cpp-httplib server (versions ≤ 0.26.0) and then checking the server's access and error logs to see if the spoofed IP addresses appear. This demonstrates log poisoning and confirms the vulnerability. Example commands to test this could include using curl to send requests with spoofed headers, such as:

    curl -H "X-Forwarded-For: 1.2.3.4" http://<server-address>/
    curl -H "X-Real-IP: 5.6.7.8" http://<server-address>/

After sending these requests, inspect the server logs (e.g., nginx access or error logs) for entries containing the spoofed IP addresses (1.2.3.4 or 5.6.7.8). If the logs contain these IPs, the vulnerability is present. This approach relies on the fact that the vulnerable `get_client_ip()` function unconditionally trusts these headers, causing log poisoning and audit evasion. [1]

