Vulnerability Details

Title: Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust
Severity: Moderate (5.3/10)
CVE ID: CVE-2025-66577
Affected Versions: <=0.26.0
Patched Versions: 0.27.0

Vulnerability Description

Description: The vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers, which are accepted unconditionally by in , causing the access and error logs ( / ) to record spoofed client IPs (log poisoning / audit evasion).

Worst Case Impact

An unauthenticated remote attacker can cause persistent corruption of the access/error logs by poisoning the recorded client IPs via X-Forwarded-For/X-Real-IP, resulting in the loss of a trustworthy audit trail (integrity and non-repudiation broken).

Vulnerability Class Information

Trusting client-controlled HTTP headers as authoritative internal metadata or client address information is insecure. HTTP headers are trivially forgeable by remote clients, and the header namespace can collide with server-inserted metadata. Without validation of forwarded headers, a trusted reverse-proxy boundary, removal of conflicting client-supplied headers, or a distinct namespace/API for internal metadata, attackers can spoof IP addresses or poison logs.

Vulnerability Flow Analysis

Step 1:
- Affected File:
- Code: accepts any header without validation.

Step 2:
- Affected File:
- Code: Unconditional trust and insertion of REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT headers.

Step 3:
- Affected File:
- Code: retrieves headers without validation.

Example in Docker

Step 1:
- Affected File:
- Code: retrieves and uses X-Forwarded-For/X-Real-IP headers without validation.

Step 2:
- Affected File:
- Code: Logs the client IP based on a potentially spoofed header.

Step 3:
- Affected File:
- Code: Logs errors based on a potentially spoofed IP.

Exploitation Guide

Prerequisites:
- Docker server as described.
- Accepts arbitrary HTTP headers.
- Network access.

Part A: Log Poisoning
- Steps 1-3: Consume the service, send spoofed headers, verify that the logs reflect the spoofed IPs.

Remediation Approach

1. Sanitize Client Headers: Avoid untrusted headers.
2. Fix Header Processing Order: Clear duplicates, prioritize server headers.
3. Validate Forwarded Headers: Trust only from known proxies, validate content.
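The following is an added example illustrating remediation items 2 and 3 (prefer the server-derived socket address, accept forwarded headers only from known proxies, validate their content). It is not the affected project's code: the pre-fix function is a reconstruction of the behaviour the advisory describes, and the trusted-proxy ranges, header values and log format are constructed for the example.

```python
import ipaddress
from typing import Mapping

# Constructed for this example: address ranges from which the application
# accepts forwarded headers (its own reverse proxies). Anything else that
# talks to the socket directly is an untrusted client.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.1/32"),
]


def parse_ip(value: str):
    """Return a parsed IP address, or None if the value is not a literal IP.

    Rejecting anything that is not an address also keeps free-form payloads
    (CRLF sequences, scripts, terminal escapes) out of the log line.
    """
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def is_trusted_proxy(ip, trusted) -> bool:
    """True if ip falls inside one of the trusted proxy networks."""
    return any(ip in net for net in trusted)


def lowercase_headers(headers: Mapping[str, str]) -> dict:
    """HTTP header names are case-insensitive; normalise before lookup."""
    return {name.lower(): value for name, value in headers.items()}


def client_ip_vulnerable(remote_addr: str, headers: Mapping[str, str]) -> str:
    """Reconstruction of the pre-fix behaviour the advisory describes: any
    client-supplied X-Real-IP or X-Forwarded-For value replaces the peer
    address, whoever sent it."""
    h = lowercase_headers(headers)
    forwarded = h.get("x-forwarded-for", "").split(",")[0].strip()
    return h.get("x-real-ip") or forwarded or remote_addr


def client_ip_hardened(remote_addr: str, headers: Mapping[str, str],
                       trusted=TRUSTED_PROXIES) -> str:
    """Hardened version: the socket peer address is the only ground truth
    unless the peer is one of our own proxies.

    - Direct client (peer not a trusted proxy): forwarded headers are ignored.
    - Trusted proxy: walk X-Forwarded-For from the right, skip hops that are
      themselves trusted proxies, and use the first untrusted hop. Entries
      the client prepended itself sit further left and are never reached.
    - A malformed entry aborts the walk and falls back to the socket address.
    """
    peer = parse_ip(remote_addr)
    if peer is None or not is_trusted_proxy(peer, trusted):
        return remote_addr
    h = lowercase_headers(headers)
    hops = [hop.strip() for hop in h.get("x-forwarded-for", "").split(",")
            if hop.strip()]
    for hop in reversed(hops):
        ip = parse_ip(hop)
        if ip is None:
            return remote_addr
        if not is_trusted_proxy(ip, trusted):
            return str(ip)
    # No usable X-Forwarded-For chain: a trusted proxy may set X-Real-IP instead.
    real = parse_ip(h.get("x-real-ip", ""))
    if real is not None and not is_trusted_proxy(real, trusted):
        return str(real)
    return remote_addr


def access_log_line(remote_addr: str, headers: Mapping[str, str],
                    method: str, path: str, status: int) -> str:
    """Record both the socket peer and the derived client address, so the
    audit trail always keeps a value the client could not have chosen."""
    client = client_ip_hardened(remote_addr, headers)
    return f'peer={remote_addr} client={client} "{method} {path}" {status}'


if __name__ == "__main__":
    # Constructed request: a client connecting directly and supplying both headers.
    direct = ("203.0.113.7",
              {"X-Forwarded-For": "198.51.100.1", "X-Real-IP": "192.0.2.1"})
    print("vulnerable:", client_ip_vulnerable(*direct))  # header value wins
    print("hardened:  ", client_ip_hardened(*direct))    # socket address wins
    print(access_log_line(*direct, "GET", "/login", 401))
```

The same check can be run over existing log data during triage: any entry whose recorded client address differs from the socket peer while the peer is outside the trusted-proxy ranges was written from a client-controlled header and should not be relied on.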