CVE-2025-23217 — Vulnetix

CVE-2025-23217 PUBLISHED CVSS 8.199999809265137 HIGH

Mitmweb API Authentication Bypass Using Proxy Server

EPSS 3.58% · 88.0th percentile

Risk Scores

CVSS 4.0

8.199999809265137

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS Score

3.58%

88.0th percentile

Affected Products

Vendor	Product	Versions
PyPI	mitmproxy	0
mitmproxy	mitmproxy	< 11.1.2

Exploit Intelligence

CIRCL seen: CVE-2025-23217 (circl-sighting)
CIRCL seen: CVE-2025-23217 (circl-sighting)
CIRCL seen: CVE-2025-23217 (circl-sighting)
https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p (circl)
https://en.wikipedia.org/wiki/Server-side_request_forgery (circl)
https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md#06-february-2025-mitmproxy-1112 (circl)

Timeline

Jan 21, 1970 Security Advisory
Feb 6, 2025 CVE Published
Feb 6, 2025 PoC Published
Feb 6, 2025 PoC Published
Feb 6, 2025 PoC Published
Feb 7, 2025 EPSS Score
Feb 22, 2025 EPSS Score
Mar 8, 2025 EPSS Score
Mar 23, 2025 EPSS Score
Mar 24, 2025 Coalition ESS Score
Apr 7, 2025 EPSS Score
Apr 22, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›