CVE-2025-23217
Python vulnerability analysis and mitigation

Overview

mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers, and mitmweb is its web-based interface. In mitmweb versions 11.1.1 and below, a vulnerability was discovered that allows a malicious client to bypass authentication and reach mitmweb's internal API by routing requests through the proxy server. The vulnerability was assigned CVE-2025-23217 and was discovered on January 14, 2025, with a patch released on February 6, 2025 (GitHub Advisory).

Technical details

The vulnerability exists in mitmweb's proxy server configuration: by default the proxy listener binds to *:8080, while the internal web API binds to 127.0.0.1:8081. Although the internal API is restricted to localhost, an attacker can bypass that restriction by tunneling requests through the proxy server itself, which then connects to the loopback-bound API on the attacker's behalf (a server-side request forgery, SSRF). The issue has been assigned a High severity rating and is tracked under CWE-288 (Authentication Bypass Using an Alternate Path) and CWE-441 (Unintended Proxy or Intermediary) (GitHub Advisory, NVD).
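As an added example (not mitmproxy's own fix, and not code from the advisory), the following addon shows the kind of stopgap a defender can load into a mitmweb instance that cannot be upgraded yet: it refuses to proxy any request whose destination is a loopback address on the internal web API port, so a client that reaches the proxy listener cannot reuse it to hit the API bound to 127.0.0.1:8081. The port constant, the policy function, and the class name are this example's own choices; the only mitmproxy calls used are `flow.request.host`, `flow.request.port` and `http.Response.make`.

```python
"""
Stopgap mitmproxy addon (added example, not part of the advisory or of
mitmproxy): block proxied requests that target the loopback-bound web API.
Run with:  mitmweb -s block_internal_api.py
"""
import ipaddress

# Assumed from the advisory: mitmweb's default internal API bind port.
WEB_API_PORT = 8081


def _is_loopback_host(host: str) -> bool:
    """True for 'localhost' and any IPv4/IPv6 loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        # Strip IPv6 brackets so "[::1]" is parsed as well as "::1".
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        # Not an IP literal (a regular hostname): not loopback.
        return False


def is_internal_api_request(host: str, port: int, api_port: int = WEB_API_PORT) -> bool:
    """Policy decision: is this proxied request aimed at the local web API?"""
    return port == api_port and _is_loopback_host(host)


class BlockInternalApi:
    """mitmproxy addon that answers 403 instead of forwarding API-bound flows."""

    def __init__(self, api_port: int = WEB_API_PORT) -> None:
        self.api_port = api_port
        self.blocked = 0  # counter you can log or export for detection

    def request(self, flow) -> None:
        # Imported lazily so the policy function above stays importable
        # (and testable) on machines without mitmproxy installed.
        from mitmproxy import http

        if is_internal_api_request(flow.request.host, flow.request.port, self.api_port):
            self.blocked += 1
            flow.response = http.Response.make(
                403,
                b"proxying to the local web API is not allowed",
                {"Content-Type": "text/plain"},
            )


addons = [BlockInternalApi()]
```

The decision is kept in a plain function so it can be unit-tested and so the same check can be reused in a log-review script; a non-zero `blocked` counter on a production instance is itself a useful detection signal, since legitimate clients have no reason to ask the proxy for its own loopback API.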

Impact

An attacker with access to the local network can potentially escalate this SSRF-style access to achieve remote code execution. The vulnerability only affects mitmweb; the mitmproxy and mitmdump tools remain unaffected. The block_global option, which is enabled by default, limits the attack surface to connections originating from the same local network (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been fixed in mitmproxy version 11.1.2 and above, and users are advised to upgrade to the patched version. Additionally, mitmweb's API now requires an authentication token by default, and optional password protection is available through the web_password option (GitHub Changelog).

This report was generated using AI.
