CVE-2022-25850

7.5 HIGH

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the hoppscotch/proxyscotch package when interceptor mode is set to proxy. It allows attackers to make the backend server send HTTP requests to arbitrary URLs, potentially leaking sensitive information from the server. Users of affected versions of the proxyscotch package are vulnerable.

💻 Affected Systems

Products:
  • github.com/hoppscotch/proxyscotch
Versions: All versions before 1.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is only triggered when the interceptor mode is set to proxy.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of backend server credentials, access to internal services, and data exfiltration from cloud metadata services or internal APIs.

🟠 Likely Case

Information disclosure from internal services, potential access to cloud metadata, and reconnaissance of the internal network.

🟢 If Mitigated

Limited to port scanning and basic network reconnaissance if proper network segmentation and input validation are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and require minimal technical skill when accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.0 and later

Vendor Advisory: https://github.com/hoppscotch/proxyscotch/commit/de67380f62f907f201d75854b76024ba4885fab7

Restart Required: Yes

Instructions:

1. Update the package to version 1.0.0 or later using 'go get github.com/hoppscotch/proxyscotch@v1.0.0'
2. Rebuild and redeploy the application
3. Restart services using the package

🔧 Temporary Workarounds

Disable proxy interceptor mode (platforms: all)
  • Disable the vulnerable interceptor mode configuration
  • Set interceptor mode to any value other than 'proxy' in configuration

Implement URL validation (platforms: all)
  • Add input validation to restrict URLs that can be requested
  • Implement an allowlist of permitted domains/URLs in application code
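
One way to implement the URL validation workaround above, as an added example that is not proxyscotch's own code: a Go check that a proxy target is an http(s) URL, that its host is on an allowlist, and that every address the host resolves to is public, so an allowlisted name pointing at 169.254.169.254 is still rejected. The host names, the allowlist and the DNS table are constructed for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Constructed allowlist for this example: the only hosts the proxy may fetch.
var allowedHosts = map[string]bool{"api.example.com": true, "cdn.example.org": true}

// ValidateProxyTarget rejects raw unless it is an http(s) URL whose host is allowlisted
// and whose every resolved address is public; pass net.LookupIP as resolve in production.
func ValidateProxyTarget(raw string, resolve func(string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return fmt.Errorf("not an http(s) url: %q", raw)
	}
	host := strings.ToLower(u.Hostname()) // case-fold so API.EXAMPLE.COM cannot dodge the map
	if !allowedHosts[host] {
		return fmt.Errorf("host %q not in allowlist", host)
	}
	ips, err := resolve(host)
	if err != nil || len(ips) == 0 {
		return fmt.Errorf("host %q did not resolve", host)
	}
	for _, ip := range ips {
		// Loopback, RFC 1918, link-local (169.254.169.254 lives here), unspecified, multicast.
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
			ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast() {
			return fmt.Errorf("host %q resolves to non-public address %s", host, ip)
		}
	}
	return nil
}

func main() {
	// Constructed DNS table standing in for net.LookupIP so the demo runs offline.
	table := map[string]string{"api.example.com": "203.0.113.10", "cdn.example.org": "169.254.169.254"}
	resolve := func(host string) ([]net.IP, error) {
		if a, ok := table[host]; ok {
			return []net.IP{net.ParseIP(a)}, nil
		}
		return nil, fmt.Errorf("no such host: %s", host)
	}
	for _, t := range []string{"https://api.example.com/v1/users", "https://cdn.example.org/", "file:///etc/passwd"} {
		fmt.Printf("%-36s -> %v\n", t, ValidateProxyTarget(t, resolve))
	}
}
```

In production, have the HTTP client dial the address that passed the check rather than re-resolving the name, so a second DNS answer cannot point the request at a different host.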

🧯 If You Can't Patch

  • Implement network segmentation to restrict outbound connections from affected servers
  • Deploy web application firewall (WAF) rules to detect and block SSRF patterns

🔍 How to Verify

Check if Vulnerable:

Check go.mod or package dependencies for github.com/hoppscotch/proxyscotch version below 1.0.0

Check Version:

go list -m github.com/hoppscotch/proxyscotch

Verify Fix Applied:

Verify package version is 1.0.0 or higher using 'go list -m github.com/hoppscotch/proxyscotch'

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from backend server to internal IPs or cloud metadata endpoints
  • Requests to unexpected domains from server process

Network Indicators:

  • HTTP traffic from backend servers to internal network segments or cloud metadata services

SIEM Query:

source_ip=backend_server AND (dest_ip=169.254.169.254 OR dest_ip IN internal_ranges) AND protocol=http
