Base Score

MEDIUM5.3

CVE-2025-67485

mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix at the time of publication.

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateDec 10, 2025, 01:15

Affected Versions(1)

mad-proxy(PyPI)

Introduced0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
mad-proxy(PyPI)	0	N/A	N/A

Weakness Type (CWE):CWE-693

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

https://github.com/machphy/mad-proxy/security/advisories/GHSA-wx63-35hw-2482

Base Score

MEDIUM5.3

Weakness Type (CWE):CWE-693

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE