How severe is CVE-2025-46814?

This vulnerability has a severity rating of LOW with a CVSS score of 3.4 out of 10.

What type of vulnerability is CVE-2025-46814?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2025-46814 - LOW Severity | CVSS 3.4

Vulnerability Description

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially inject arbitrary IP addresses into the request. This vulnerability can allow attackers to bypass IP-based access controls, mislead logging systems, and impersonate trusted clients. It is especially impactful when the application relies on the X-Forwarded-For header for IP-based authorization or authentication. Users should upgrade to FastAPI Guard version 2.0.0 to receive a fix.

Related Vulnerabilities

CVE-2019-1010310

LOW

CVSS:3.5(Low)

GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users...

CWE-742019

CVE-2019-11275

LOW

CVSS:3.5(Low)

Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior ...

CWE-742019

CVE-2022-31014

LOW

CVSS:3.5(Low)

Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backen...

CWE-742022

CVE-2023-29383

LOW

CVSS:3.3(Low)

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user...

CWE-742023

CVE-2024-10926

MEDIUM

CVSS:3.5(Low)

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Sect...

CWE-742024

CVE-2024-35777

LOW

CVSS:3.5(Low)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from ...

CWE-742024