Vulnerability Database

Published: Jul 29, 2025
Updated: Jul 30, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-6504" target="_blank" rel="noopener"> CVE-2025-6504
Exploit:

300,830

Total vulnerabilities in the database

In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.

Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range.

This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access.

No technical information available.

No CWE or OWASP classifications available.

No affected software listed.

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.