CVE Details
Basic Information
| Title | Possibilities of IP Spoofing via X-Forwarded-For (XFF) Header |
|---|---|
| Type | cve |
| Published | 2025-07-29T12:56:28.054Z |
| Modified | 2025-07-29T13:27:02.851Z |
Product Information
| Vendor | Progress Software |
|---|---|
| Product | Hybrid Data Pipeline |
| Version | 0 |
CVSS Information
| Base Score | 8.4 (HIGH) |
|---|---|
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
AI Analysis
| AI Description | A vulnerability in HDP Server allows IP spoofing via the X-Forwarded-For header, potentially bypassing IP restrictions. This could grant unauthorized access if the spoofed IP is within a whitelisted range, though valid credentials are still required. |
|---|---|
| AI Severity | High |
| AI Vendor | Progress Software |
| AI Product | Hybrid Data Pipeline |
| AI Version | versions below 4.6.2.2978 |
Affected Products
- Progress Software Hybrid Data Pipeline 0
Additional Information
| Source | ProgressSoftware |
|---|---|
Description
In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header. Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range. This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access.