### Key Information

#### Vulnerability Overview

- **Vulnerability Type**: SSRF Bypass via HTTPS Requests to 127.0.0.1
- **Affected Versions**: <2.0.0
- **Fixed Version**: 2.0.0
- **Severity**: High
- **CVE ID**: CVE-2025-57814
- **Weakness**: CWE-918

#### Description

- **Issue**: Versions 1.x.x and earlier of `request-filtering-agent` contain a vulnerability that allows HTTPS requests to `127.0.0.1` to bypass IP address filtering, while HTTP requests are correctly blocked.

#### Impact

- **Vulnerable Patterns**:
  - `https://127.0.0.1:443/api`
  - `https://127.0.0.1:8443/admin`
  - Any HTTPS request using direct IP address `https://127.0.0.1`
- **Primary Impact**: Services using self-signed certificates.

#### Not Affected Cases

- `http://127.0.0.1:80/api` - HTTP requests are correctly blocked
- `https://localhost:443/api` - Domain-based requests trigger DNS lookup and are blocked
- `http://localhost:80/api` - Domain-based HTTP requests are blocked
- Requests to other private IPs such as 192.168.x.x, 10.x.x.x, 172.16.x.x

#### Mitigation

- **Fixed Version**: 2.0.0
- **Root Cause**: The HTTPS proxy cannot validate direct IP addresses (e.g., `https://127.0.0.1`) during TLS handshake setup, leading to bypass of security filters.

#### Links

- [Details](https://github.com/azu/request-filtering-agent-https127-test)