cve/CVE-2025-22271.md at 7287accf6b3df6d7c9a1c39ba3edb78424a5b645

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountabilityThis issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.

POC

Reference

No PoCs from references.

Github

https://github.com/DojoSecurity/DojoSecurity
https://github.com/Karmaz95/Credits
https://github.com/afine-com/research

1018 B Raw Blame History

CVE-2025-22271

Description

POC

Reference

Github

1018 B

Raw Blame History