Unrated severity · NVD Advisory · Published Jul 29, 2025 · Updated Jul 29, 2025
Possibilities of IP Spoofing via X-Forwarded-For (XFF) Header
CVE-2025-6504
Description
In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.
Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range.
This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access.
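The weak pattern described above next to a hardened one, as an added example (not code from Progress or from the advisory). The allowlist range, the proxy address, and all function names are constructed assumptions; the hardened resolver honours X-Forwarded-For only when the TCP peer is a known proxy and reads the header right to left.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the advisory).
ALLOWLIST = [ipaddress.ip_network("10.20.0.0/16")]         # clients the IP restriction permits
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]  # the only hop allowed to set XFF

def _in(addr, networks):
    return any(addr in net for net in networks)

def naive_client_ip(peer_ip, xff):
    """Weak pattern: believe the left-most XFF entry, whoever sent the request."""
    first = xff.split(",")[0].strip() if xff else peer_ip
    return ipaddress.ip_address(first)

def hardened_client_ip(peer_ip, xff):
    """Honour XFF only from a trusted proxy, then walk it right to left and
    stop at the first hop that is not itself a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not xff or not _in(peer, TRUSTED_PROXIES):
        return peer  # header ignored: the sender is not our proxy
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: fail closed
        if not _in(addr, TRUSTED_PROXIES):
            return addr
    return peer  # every hop was a trusted proxy

def allowed(resolver, peer_ip, xff=None):
    ip = resolver(peer_ip, xff)
    return ip is not None and _in(ip, ALLOWLIST)

if __name__ == "__main__":
    # Direct connection from outside the allowlist carrying a forged header.
    print("naive   :", allowed(naive_client_ip, "203.0.113.50", "10.20.1.5"))
    print("hardened:", allowed(hardened_client_ip, "203.0.113.50", "10.20.1.5"))
```

The right-to-left walk matters because a proxy appends the address it actually saw, so entries further left are whatever the client supplied.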
Affected products
- Range: <4.6.2.2978
- Progress Software/Hybrid Data Pipeline · v5 · Range: 0
Patches
No patches discovered yet.