CVE-2025-64484: Improper Neutralization of HTTP Headers for Scripting Syntax in Oauth2-proxy

Severity: 8.5 HIGH (NVD)
EPSS: 0.1% (top 77.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 10; latest update Nov 17

Description

OAuth2-Proxy is an open-source tool that can act either as a standalone reverse proxy or as a middleware component integrated into an existing reverse proxy or load balancer setup. In versions prior to 7.13.0, any deployment of OAuth2 Proxy in front of an application that treats underscores and dashes in HTTP header names as equivalent (e.g., WSGI-based frameworks such as Django, Flask, FastAPI, and PHP applications) is affected. Authenticated users can inject underscore variants of X-Forwarded-* headers that bypass the proxy’s f
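The collision the description relies on is easy to see in code. The following is an added illustration, not code from the oauth2-proxy project: it mimics the CGI/WSGI convention of exposing every request header as HTTP_<NAME> with dashes replaced by underscores (the same mapping wsgiref applies), places a naive proxy filter that only strips the dashed spelling next to a hardened one that canonicalizes both spellings before matching, and shows what the backend ends up reading. The header names, the identity values and the sample request are constructed assumptions for the illustration.

```python
"""Header smuggling via underscore/dash normalization (constructed illustration).

A proxy that strips client-supplied X-Forwarded-* headers and then sets its own
copies protects the backend only if it filters every spelling the backend will
collapse onto the same name. CGI/WSGI-style backends map a header name to
HTTP_<NAME> with '-' replaced by '_', so X_Forwarded_User and X-Forwarded-User
both become HTTP_X_FORWARDED_USER.
"""
from typing import Dict, List, Tuple

Header = Tuple[str, str]

# Constructed request from an already authenticated user. The proxy will assert
# PROXY_IDENTITY; the client also smuggles an underscore variant claiming "admin".
# Header names and values are assumptions, not taken from the advisory.
CLIENT_HEADERS: List[Header] = [
    ("Host", "app.internal"),
    ("Cookie", "_oauth2_proxy=session"),   # not part of the collision
    ("X-Forwarded-User", "attacker"),       # dashed spelling, stripped by both filters
    ("X_Forwarded_User", "admin"),          # underscore variant
]

PROXY_IDENTITY = "alice@example.com"


def wsgi_environ(headers: List[Header]) -> Dict[str, str]:
    """Mimic the CGI/WSGI header-to-environ mapping (as wsgiref does):
    upper-case, '-' -> '_', prefix HTTP_, comma-join repeated names."""
    env: Dict[str, str] = {}
    for name, value in headers:
        key = "HTTP_" + name.replace("-", "_").upper()
        env[key] = env[key] + "," + value if key in env else value
    return env


def forward_naive(headers: List[Header]) -> List[Header]:
    """Vulnerable pattern: drop only names that literally start with 'x-forwarded-'."""
    kept = [(n, v) for n, v in headers if not n.lower().startswith("x-forwarded-")]
    return kept + [("X-Forwarded-User", PROXY_IDENTITY)]


def canonical(name: str) -> str:
    """Apply the same equivalence the backend applies before comparing names."""
    return name.replace("_", "-").lower()


def forward_hardened(headers: List[Header]) -> List[Header]:
    """Fixed pattern: canonicalize '_' to '-' before matching, so both spellings go."""
    kept = [(n, v) for n, v in headers if not canonical(n).startswith("x-forwarded-")]
    return kept + [("X-Forwarded-User", PROXY_IDENTITY)]


def backend_user(forwarded: List[Header]) -> str:
    """The identity a WSGI application would read as asserted by the proxy."""
    return wsgi_environ(forwarded).get("HTTP_X_FORWARDED_USER", "")


if __name__ == "__main__":
    print("naive    ->", backend_user(forward_naive(CLIENT_HEADERS)))
    print("hardened ->", backend_user(forward_hardened(CLIENT_HEADERS)))
```

With the naive filter the backend sees HTTP_X_FORWARDED_USER = "admin,alice@example.com": the attacker's value arrives first and an application that takes the first element, or does not expect a list at all, is handed a forged identity. With the canonicalizing filter only the proxy's value survives. Whether a given stack is exposed depends on what sits between proxy and application: nginx, for example, drops headers containing underscores unless underscores_in_headers is enabled, while a WSGI server reached directly performs the mapping above.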

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Exploitability: 3.1 | Impact: 4.7

Affected Packages: 2 packages

Vulnerability Details (3)

OSV: OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation in github.com/oauth2-proxy/oauth2-proxy (2025-11-17)
OSV: OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation (2025-11-12)
GHSA: OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation (2025-11-12)

Vendor Advisories (1)

Red Hat: oauth2-proxy: OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation (2025-11-10)