CVE-2025-54365

7.5 HIGH

📋 TL;DR

CVE-2025-54365 is a regular expression denial-of-service (ReDoS) in fastapi-guard 3.0.1. That release tried to close an earlier ReDoS in the library's penetration-detection patterns by capping the length of the string the regexes see, but the cap does not cover a <script> tag whose attribute section runs past 100 characters: a request carrying one still drives the pattern into catastrophic backtracking. Regex matching is CPU-bound and runs inline in the middleware, so one such request can pin a worker process for as long as the attacker keeps it busy, stalling every other request that worker serves. Any FastAPI application that mounts fastapi-guard 3.0.1 with penetration detection enabled (the default) is affected. The 7.5 score reflects an unauthenticated, network-reachable availability impact; the practical risk is an outage, not unauthorized access.

💻 Affected Systems

Products:
  • fastapi-guard
Versions: 3.0.1 (the release that shipped the incomplete length-limit patch). Earlier releases carry the original ReDoS that patch was meant to fix, so treat anything below 3.0.2 as needing the upgrade.
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects applications that mount the fastapi-guard SecurityMiddleware with its regex-based penetration detection enabled, which is the default. Custom patterns added to that detector are subject to the same length-cap logic and the same backtracking risk.

📦 What is this software?

fastapi-guard (PyPI package fastapi-guard, source at github.com/rennf93/fastapi-guard) is a security middleware library for FastAPI. It adds IP allow/deny lists, rate limiting, and a penetration-attempt detector that matches request content against a set of regular expressions. That regex-based detector is the code path at issue here; the IP controls and rate limiting do not run through it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A handful of crafted requests, one per worker process, pin every worker's CPU inside the regex engine and take the application offline for as long as the attacker keeps sending them. Because the penetration detector runs inline for every request, unrelated requests queued behind a poisoned one stall as well.

🟠

Likely Case

Opportunistic scanners rarely send this exact shape, so the likely case is intermittent latency spikes or timeouts when a probe happens to carry a long <script> attribute. A targeted attacker, however, reaches the worst case with a single unauthenticated request and no tooling.

🟢

If Mitigated

Low: a proxy or WAF that rejects oversized <script> attribute runs (and caps request size) before the app sees them, plus a process manager that kills and restarts a worker that exceeds a request timeout, bounds the damage to one slow request.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A single unauthenticated HTTP request suffices: place <script followed by more than 100 characters of attribute text, with no closing >, in any field the penetration detector inspects (query string, header value or body, plain or percent-encoded), and the worker that handles it stalls in the regex engine. No timing, tooling or credentials are needed, and the request can simply be repeated until every worker is busy.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.2

Vendor Advisory: https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g

Restart Required: Yes

Instructions:

1. Update fastapi-guard: pip install "fastapi-guard>=3.0.2"
2. Restart the FastAPI application; the middleware is imported at startup, so a running process keeps the old code until restarted
3. Verify with the interpreter the application actually runs under: pip show fastapi-guard | grep -i '^Version'

🔧 Temporary Workarounds

Input Length Validation

Applies to: all

Reject, before the request reaches fastapi-guard, any request whose path, query string, header values or body contain <script followed by more than 100 characters before the next >. Do this with a linear scan (find the tag, measure to the next >), not with another backtracking regex, or the workaround inherits the same problem. Check both the raw and the percent-decoded form of each field, since the payload usually arrives as %3Cscript.

WAF Rule

Applies to: all

Configure the web application firewall or reverse proxy to block requests carrying <script (or its percent-encoded form) followed by an attribute run longer than 100 characters, and cap the size of query strings and request bodies it forwards. A WAF rule written as a negated character class with a bounded or minimum count, such as <script[^>]{101,}, cannot backtrack catastrophically; avoid nested or overlapping quantifiers in the rule itself.
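The Input Length Validation workaround above, written out as an added example that is not fastapi-guard's own code. It is a plain ASGI middleware using only the standard library, so it can wrap the application and run before any regex-based check sees the request. The 64 KiB body scan cap, the set of fields scanned (path, query string, header values, body) and the stand-in downstream app are assumptions made for the example; the 100-character limit is the one the advisory cites.

```python
"""Added example (not fastapi-guard's code): a linear-time pre-filter that rejects
requests carrying a '<script' tag whose attribute run exceeds 100 bytes, mounted as
plain ASGI middleware in front of the application.  Standard library only."""
import asyncio
from urllib.parse import unquote_to_bytes

SCRIPT_TAG = b"<script"
MAX_ATTR_RUN = 100           # the length the advisory cites
MAX_SCAN_BYTES = 64 * 1024   # assumption: how much request body to buffer and scan


def longest_script_attr_run(data: bytes) -> int:
    """Longest byte run between a '<script' and the next '>' (or the end of input).
    Plain substring searches over non-overlapping regions: linear time, no backtracking."""
    hay = data.lower()
    worst = 0
    pos = hay.find(SCRIPT_TAG)
    while pos != -1:
        start = pos + len(SCRIPT_TAG)
        end = hay.find(b">", start)
        if end == -1:                        # unterminated tag: the run reaches the end
            return max(worst, len(hay) - start)
        worst = max(worst, end - start)
        pos = hay.find(SCRIPT_TAG, end + 1)
    return worst


def is_oversized(data: bytes, limit: int = MAX_ATTR_RUN) -> bool:
    """True if the bytes, raw or percent-decoded, carry a run longer than `limit`."""
    return max(longest_script_attr_run(data),
               longest_script_attr_run(unquote_to_bytes(data))) > limit


class ScriptTagLengthGuard:
    """Answers 400 before the inner app (and its regex-based middleware) sees a request
    whose path, query string, header values or body carry an oversized run."""

    def __init__(self, app, limit=MAX_ATTR_RUN, max_scan=MAX_SCAN_BYTES):
        self.app, self.limit, self.max_scan = app, limit, max_scan

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return
        fields = [scope.get("path", "").encode("utf-8", "replace"),
                  scope.get("query_string", b"")]
        fields += [value for _, value in scope.get("headers", [])]
        # Buffer the body (up to max_scan) so it can be scanned and then replayed intact.
        consumed, body, total = [], [], 0
        while True:
            msg = await receive()
            consumed.append(msg)
            if msg["type"] != "http.request":
                break
            body.append(msg.get("body", b""))
            total += len(body[-1])
            if not msg.get("more_body", False) or total >= self.max_scan:
                break
        fields.append(b"".join(body))
        if any(is_oversized(f, self.limit) for f in fields):
            await send({"type": "http.response.start", "status": 400,
                        "headers": [(b"content-type", b"text/plain")]})
            await send({"type": "http.response.body", "body": b"request rejected"})
            return

        async def replay():   # hand the buffered messages back, then defer to the real receive
            return consumed.pop(0) if consumed else await receive()

        await self.app(scope, replay, send)


async def echo_app(scope, receive, send):
    """Stand-in downstream app: drains the body and reports its length, which shows
    that the buffered body was replayed to it intact."""
    size = 0
    while True:
        msg = await receive()
        if msg["type"] != "http.request":
            break
        size += len(msg.get("body", b""))
        if not msg.get("more_body", False):
            break
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"len=%d" % size})


def simulate(path="/", query=b"", body=b"", chunk=4096):
    """Drive the guard with a constructed request; returns (status, response body)."""
    app = ScriptTagLengthGuard(echo_app)
    scope = {"type": "http", "method": "POST", "path": path, "query_string": query,
             "headers": [(b"user-agent", b"example/1.0")]}
    chunks = [body[i:i + chunk] for i in range(0, len(body), chunk)] or [b""]
    inbox = [{"type": "http.request", "body": c, "more_body": i < len(chunks) - 1}
             for i, c in enumerate(chunks)]
    sent = []

    async def receive():
        return inbox.pop(0) if inbox else {"type": "http.disconnect"}

    async def send(msg):
        sent.append(msg)

    asyncio.run(app(scope, receive, send))
    payload = b"".join(m.get("body", b"") for m in sent if m["type"] == "http.response.body")
    return sent[0]["status"], payload


if __name__ == "__main__":
    print(simulate(body=b'<script src="/app.js"></script>'))        # accepted
    print(simulate(body=b"<script " + b"a" * 150 + b">"))           # rejected
    print(simulate(query=b"q=%3Cscript%20" + b"%61" * 120))        # rejected after decoding
```

Serve the wrapper instead of the bare application (for example, `guarded = ScriptTagLengthGuard(app)` and point uvicorn or gunicorn at `guarded`). Because the check is a substring search and never a regex, an attacker cannot turn the workaround itself into a second ReDoS; the cost is one buffered copy of each body up to the scan cap.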

🧯 If You Can't Patch

  • Rate limiting helps less than usual here: a ReDoS needs only one request per worker, so limit per-client request size and apply a request-level timeout rather than relying on request counts
  • Run the app under a process manager that kills and restarts a worker that stops responding (for example gunicorn's --timeout), so a pinned worker is reclaimed instead of staying stuck
  • If your configuration allows it, disable the regex-based penetration detection and keep the IP controls and rate limiting, which do not run through the affected patterns
  • Put a reverse proxy or WAF in front of the app that rejects oversized <script> attribute runs and caps query string and body size before forwarding

🔍 How to Verify

Check if Vulnerable:

Run the check with the interpreter the application is deployed under, since pip show on a different Python reports a different environment:

pip show fastapi-guard | grep -i '^Version'

or, from inside that interpreter:

python -c "import importlib.metadata as m; print(m.version('fastapi-guard'))"

A reported version of 3.0.1 is affected; anything below 3.0.2 should be upgraded.

Verify Fix Applied:

Confirm the reported version is 3.0.2 or higher, then send a test request whose query string or body carries <script followed by more than 100 characters without a closing >. On a fixed deployment it returns in about the same time as a benign request; on a vulnerable one it hangs the worker. Give the test client a short timeout so a vulnerable deployment does not hang the check itself.
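A harness for the "test with crafted requests" step, and for vetting any custom patterns you add to the detector: an added example, not fastapi-guard's code, that times a regular expression against a long-attribute <script payload in a disposable child process so a catastrophic pattern cannot hang the test runner. Both patterns in the block are constructed stand-ins written for the example; they are not the library's actual patterns.

```python
"""Added example (not fastapi-guard's code): time re.search(pattern, payload) in a child
process with a hard timeout.  A pattern that backtracks catastrophically on the payload
times out; a linear one returns at once.  The patterns are constructed stand-ins."""
import subprocess
import sys
import time

# Constructed stand-in: the nested quantifier lets the engine split a run of word
# characters in exponentially many ways before it concludes there is no match.
BAD_PATTERN = r"<script(\s*[\w-]+)*\s*>"
# Constructed stand-in: one negated class with a fixed terminator backtracks at most
# once per character, so failure costs linear time.
SAFE_PATTERN = r"<script\b[^>]*>"

# The shape the advisory describes: an attribute run past 100 characters, no closing '>'.
LONG_ATTR_PAYLOAD = "<script " + "a" * 120 + "!"

_CHILD = "import re, sys; sys.exit(0 if re.search(sys.argv[1], sys.argv[2]) else 1)"


def probe(pattern: str, payload: str, timeout: float = 3.0) -> dict:
    """Run the match in a child; kill it if it runs longer than `timeout` seconds."""
    t0 = time.perf_counter()
    try:
        proc = subprocess.run([sys.executable, "-c", _CHILD, pattern, payload],
                              timeout=timeout, capture_output=True)
        return {"timed_out": False, "matched": proc.returncode == 0,
                "seconds": round(time.perf_counter() - t0, 3)}
    except subprocess.TimeoutExpired:
        return {"timed_out": True, "matched": None, "seconds": timeout}


def is_safe(pattern: str, payload: str = LONG_ATTR_PAYLOAD, timeout: float = 3.0) -> bool:
    """True if the pattern finishes (match or not) on the payload inside the timeout."""
    return not probe(pattern, payload, timeout)["timed_out"]


if __name__ == "__main__":
    for name, pat in (("BAD_PATTERN", BAD_PATTERN), ("SAFE_PATTERN", SAFE_PATTERN)):
        print(name, probe(pat, LONG_ATTR_PAYLOAD))
```

The child process, rather than a signal-based timer, is deliberate: Python's re engine runs as one uninterruptible C call, so an alarm signal would not fire until the match finished. Run `is_safe` over every custom pattern you feed the detector, with payloads in the shape the advisory describes, before deploying them.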

📡 Detection & Monitoring

Log Indicators:

  • Requests whose query string, header values or body contain <script followed by more than 100 characters before any > (often percent-encoded as %3Cscript)
  • Worker timeouts or restarts by the process manager that coincide with those requests

Network Indicators:

  • HTTP requests containing <script (plain or percent-encoded) with an attribute run exceeding 100 characters
  • Latency spikes or upstream timeouts (504 from the proxy) while the app worker's CPU sits at 100%; a few requests are enough, so request volume is not a reliable indicator

SIEM Query:

Splunk-style example; index, sourcetype, src_ip, uri_path and response_time are placeholders for your own field names, and the syntax needs adapting for other SIEMs. Decode before measuring, because the oversized tag usually arrives percent-encoded:

index=app_logs sourcetype=access_combined ("<script" OR "%3Cscript" OR "%3cscript")
| eval req=urldecode(_raw)
| rex field=req "(?i)<script(?<attrs>[^>]{101,})"
| where isnotnull(attrs)
| stats count, avg(response_time), max(response_time) by src_ip, uri_path

The negated class with a minimum count, [^>]{101,}, cannot backtrack catastrophically, so the search itself is safe to run over large volumes.

🔗 References

  • GitHub Security Advisory GHSA-rrf6-pxg8-684g: https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g
  • NVD entry for CVE-2025-54365: https://nvd.nist.gov/vuln/detail/CVE-2025-54365