Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Network-reachable frontend with default-permissive PP1 acceptance gives AV:N/AC:L/PR:N/UI:N; scope changes because routing/ACL authority is subverted; C:H/I:H from rule bypass, A:N as no DoS is described.
Primary rating from Vendor (GitHub_M).
CVSS Vector
Vendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Description (CVE.org)
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN <addr> <addr> <port> <port>\r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOWN, the receiver MUST ignore any address fields that follow it, because the proxy has declared it cannot determine the client identity. ProxySQL parses those address fields anyway via sscanf and writes the spoofed source address into the session's addr.addr field. From there it flows directly into the query-rule matcher, where the client_addr predicate decides routing and ACL.

When mysql-proxy_protocol_networks = '*' (the default), any TCP peer can send a PP1 frame and choose any source IP claim. With that, any mysql_query_rules row pinned to a client_addr value is forgeable: the attacker writes the address they want to match into the PP1 line, and ProxySQL routes their query as if it came from that address. In practice this is a routing and ACL bypass.

Real deployments use client_addr for read-write splitting (internal apps go to the primary, public traffic to read replicas), per-app schema pinning, and query-filter rules (DDL allowed only from admin CIDR, public queries blocked from dangerous patterns). An attacker that can reach the frontend port can forge their way into any of those routes. Version 3.0.9 patches this issue.
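The parsing difference described above, as an added example in C (not ProxySQL's code or its patch): a naive sscanf parse that keeps the source field even for UNKNOWN, beside a spec-following parse that falls back to the real TCP peer address. The function names, the peer address 203.0.113.7 and the helper `seen_addr` are assumptions; IP syntax validation and the trusted-network check are left out.

```c
#include <stdio.h>
#include <string.h>
#define ADDR_MAX 46   /* fits a textual IPv6 address plus NUL */

/* Naive form (constructed): takes the source field whatever the protocol token is. */
int pp1_naive(const char *line, const char *peer, char *client) {
    char proto[8], src[ADDR_MAX], dst[ADDR_MAX];
    int sport, dport;
    (void)peer;
    if (sscanf(line, "PROXY %7s %45s %45s %d %d", proto, src, dst, &sport, &dport) != 5)
        return -1;
    snprintf(client, ADDR_MAX, "%s", src);      /* UNKNOWN handled like TCP4 */
    return 0;
}

/* Spec-following form: UNKNOWN means "ignore the rest of the line", so the
 * session keeps the address of the real TCP peer. Returns -1 to reject. */
int pp1_strict(const char *line, const char *peer, char *client) {
    char proto[8], sep, src[ADDR_MAX], dst[ADDR_MAX];
    int sport, dport;
    size_t len = strlen(line);
    if (len < 15 || len > 107 || strcmp(line + len - 2, "\r\n") != 0) return -1;
    if (strncmp(line, "PROXY ", 6) != 0) return -1;
    if (sscanf(line + 6, "%7[A-Z0-9]%c", proto, &sep) != 2) return -1;
    if (strcmp(proto, "UNKNOWN") == 0 && (sep == ' ' || sep == '\r')) {
        snprintf(client, ADDR_MAX, "%s", peer);  /* address fields are not read */
        return 0;
    }
    if ((strcmp(proto, "TCP4") && strcmp(proto, "TCP6")) || sep != ' ') return -1;
    if (sscanf(line + 6, "%*s %45s %45s %d %d", src, dst, &sport, &dport) != 4) return -1;
    if (sport < 0 || sport > 65535 || dport < 0 || dport > 65535) return -1;
    snprintf(client, ADDR_MAX, "%s", src);
    return 0;
}

/* Helper: address the rule matcher would see, or "" if the header is rejected. */
const char *seen_addr(int (*parse)(const char *, const char *, char *),
                      const char *line, const char *peer) {
    static char client[ADDR_MAX];
    client[0] = '\0';
    return parse(line, peer, client) == 0 ? client : "";
}

int main(void) {
    const char *frame = "PROXY UNKNOWN 10.0.0.5 1.2.3.4 3306 3306\r\n"; /* line from the page */
    const char *peer = "203.0.113.7";                                   /* constructed peer */
    printf("naive:  %s\n", seen_addr(pp1_naive, frame, peer));
    printf("strict: %s\n", seen_addr(pp1_strict, frame, peer));
    return 0;
}
```

With the strict form, a rule pinned to `client_addr` is evaluated against the connecting peer whenever the header says UNKNOWN, so the address fields in that line have no effect on routing.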
Analysis (AI)
Source-address spoofing in ProxySQL 2.0.0 through 3.0.8 lets any TCP peer that can reach the MySQL frontend port forge the client IP seen by the query-rule engine, bypassing routing and ACL controls. The flaw stems from incorrect parsing of the HAProxy PROXY protocol v1 UNKNOWN token, whose address fields the specification requires receivers to ignore. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | ProxySQL must be configured to accept PROXY protocol v1 frames from the attacker's network position, which is the default behavior because `mysql-proxy_protocol_networks` ships set to `*` and accepts PP1 from any peer. … |
| Risk Assessment | The NVD score of 10.0 is inconsistent with the supplied vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N, which mathematically computes to 9.6 - the 10.0 figure should be treated cautiously and the vector taken as authoritative. … |
| Exploit Scenario | An attacker who can open a TCP connection to ProxySQL's MySQL frontend port crafts a single PP1 line `PROXY UNKNOWN 10.0.0.5 1.2.3.4 3306 3306\r\n` to claim a trusted internal source IP, then submits MySQL queries over the same connection. The query-rule engine matches the forged `client_addr` against a privileged rule - for example one that pins admin CIDR to the primary writer or bypasses a public-traffic DDL block - and routes or authorizes the attacker's queries accordingly. … |
| Remediation | Vendor-released patch: ProxySQL 3.0.9 - upgrade from any 2.0.0-3.0.8 build using the release at https://github.com/sysown/proxysql/releases/tag/v3.0.9 and follow GHSA-gw94-85m2-x8v2 for advisory details. … |
Recommended Action (AI)
24 hours: Identify all ProxySQL instances running versions 2.0.0-3.0.8 with network-accessible MySQL frontend ports; document current ACL enforcement points. …
EUVD-2026-38074