UBUNTU-CVE-2025-66570

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-66570

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66570.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-66570

Upstream

CVE-2025-66570

Downstream

USN-7962-1

Related

USN-7962-1

Published

2025-12-05T19:15:00Z

Modified

2026-02-04T02:24:21.578833Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - high

Summary

[none]

Details

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT, LOCALADDR, LOCALPORT that are parsed into the request header multimap via readheaders() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::processrequest without erasing duplicates. Because Request::getheadervalue returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (readheaders, Server::processrequest, Request::getheadervalue, getheadervalueu64) and cpp-httplib/docker/main.cc (getclientip, nginxaccesslogger, nginxerror_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

References

Affected packages

Ubuntu:Pro:22.04:LTS / cpp-httplib

Package

Name: cpp-httplib
Purl: pkg:deb/ubuntu/cpp-httplib@0.10.3+ds-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.3+ds-1ubuntu0.1~esm1

Affected versions

0.*

0.9.9+ds-1

0.9.10+ds-1

0.10.1+ds-1

0.10.2+ds-1

0.10.3+ds-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcpp-httplib-dev",
            "binary_version": "0.10.3+ds-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcpp-httplib0",
            "binary_version": "0.10.3+ds-1ubuntu0.1~esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "priority_reason": "remote auth bypass, log injection"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66570.json"

Ubuntu:Pro:24.04:LTS / cpp-httplib

Package

Name: cpp-httplib
Purl: pkg:deb/ubuntu/cpp-httplib@0.14.3+ds-1.1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.14.3+ds-1.1ubuntu0.1~esm1

Affected versions

0.*

0.13.1+ds-1ubuntu1

0.14.3+ds-1

0.14.3+ds-1.1

0.14.3+ds-1.1build1

0.14.3+ds-1.1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcpp-httplib-dev",
            "binary_version": "0.14.3+ds-1.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcpp-httplib0.14t64",
            "binary_version": "0.14.3+ds-1.1ubuntu0.1~esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "priority_reason": "remote auth bypass, log injection"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66570.json"

Ubuntu:25.10 / cpp-httplib

Package

Name: cpp-httplib
Purl: pkg:deb/ubuntu/cpp-httplib@0.18.7-1ubuntu0.25.10.1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.18.7-1ubuntu0.25.10.1

Affected versions

0.*

0.18.7-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcpp-httplib-dev",
            "binary_version": "0.18.7-1ubuntu0.25.10.1"
        },
        {
            "binary_name": "libcpp-httplib0.18",
            "binary_version": "0.18.7-1ubuntu0.25.10.1"
        }
    ],
    "availability": "No subscription required",
    "priority_reason": "remote auth bypass, log injection"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66570.json"