What is the CVSS score of CVE-2025-66570?

CVE-2025-66570 has a CVSS 3.1 base score of 10.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Docker are affected by CVE-2025-66570?

A critical vulnerability in cpp-httplib (CVE-2025-66570) allows attackers to forge HTTP headers that spoof client IP addresses and network metadata, potentially bypassing authentication,…. A patch is available.

Is there a public PoC exploit available for CVE-2025-66570?

Yes, a public proof-of-concept exploit is available for CVE-2025-66570. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-66570?

Within 24 hours: Identify all internal and external applications using cpp-httplib and document their version numbers and exposure level. Within 7 days: Upgrade cpp-httplib to version 0.27.0 or later across all systems, prioritizing internet-facing and authentication-critical applications. Within 30 days: Conduct security audit of access logs and authorization decisions from the past 90 days to detect potential exploitation, and implement header validation rules at network ingress points.

Docker CVE-2025-66570

EUVD-2025-201455 CRITICAL

Authentication Bypass by Spoofing (CWE-290)

2025-12-05 security-advisories@github.com

Authentication Bypass Docker Debian Ubuntu Cpp Httplib Suse

10.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201455

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

Patch released

Mar 15, 2026 - 17:08 nvd

Patch available

PoC Detected

Dec 10, 2025 - 15:02 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 19:15 nvd

CRITICAL 10.0

DescriptionNVD

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

Analysis

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Authentication Bypass by Spoofing (CWE-290).

RemediationAI

A vendor patch is available — apply it immediately. Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-47271 MEDIUM This Month

5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str

CVE-2026-45898 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin

CVE-2026-45924 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbd_vfs_kern_path_end_removing() on s

Vendor StatusVendor

Ubuntu

Priority: High

cpp-httplib

Release	Status	Version
jammy	released	0.10.3+ds-1ubuntu0.1~esm1
noble	released	0.14.3+ds-1.1ubuntu0.1~esm1
plucky	released	0.18.7-1ubuntu0.25.04.1
questing	released	0.18.7-1ubuntu0.25.10.1
upstream	released	0.27.0

USN-7962-1

Debian

Bug #1122027

cpp-httplib

Release	Status	Fixed Version	Urgency
bookworm	vulnerable	0.11.4+ds-1+deb12u1	-
forky, sid, trixie	vulnerable	0.18.7-1	-
(unstable)	fixed	(unfixed)	-

CVE-2025-66570 vulnerability details – vuln.today

Back

Docker CVE-2025-66570

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code