Description

Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). Deployments that rely on this value for IP allowlists may be bypassed.

INFO

Published Date :

2026-01-05T00:00:00.000Z

Last Modified :

2026-01-05T21:08:06.488Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65328 vulnerability.

Vendors Products
Mega-fence Project
  • Mega-fence
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65328.

URL Resource
https://drive.proton.me/urls/MY05PVBFXG#xDd2Xqy98WM9 cve-icon cve-icon
https://raw.githubusercontent.com/p1aintext/CVE/main/CVE-2025-65328.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact