CVE-2025-67485
MEDIUM
mad-proxy <0.3 - Auth Bypass
Title source: llm
Description
mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix at the time of publication.
Scores
CVSS v3
5.3
EPSS
0.0008
EPSS Percentile
22.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-693
Status
published
Affected Products (2)
pypi/mad-proxy
PyPI
machphy/mad-proxy
< 0.3
Timeline
Published
Dec 10, 2025
Tracked Since
Feb 18, 2026