PT-2025-31200 · Cloudera · Hdp Server
Published 2025-07-29 · Updated 2025-08-03 · CVE-2025-6504
CVSS v3.1: 8.4 (High)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HDP Server versions prior to 4.6.2.2978
Description
HDP Server is susceptible to unauthorized access due to IP spoofing via the X-Forwarded-For header. Because the X-Forwarded-For header is client-controlled, it can be set to an arbitrary value. If the spoofed IP address falls within a whitelisted range, unauthorized access may be granted. Successful exploitation still requires valid user credentials to access resources, but it bypasses the IP-based restrictions.
Recommendations
HDP Server versions prior to 4.6.2.2978: Update to version 4.6.2.2978 or later.
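The weakness described above comes from treating the leftmost X-Forwarded-For entry as the client address. The following is an added example (not HDP Server code) showing the naive pattern beside a hardened resolver that only honours the header when the TCP peer is a configured reverse proxy and walks the chain from the right; the proxy and allowlist CIDRs are constructed.

```python
import ipaddress

# Constructed example: reverse proxies that are allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.1.0/24")]
# Constructed example: the IP allowlist guarding the protected resource.
ALLOWED_CLIENTS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24",)]


def _is_trusted_proxy(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def naive_client_ip(remote_addr, xff_header):
    """Weak pattern: the leftmost X-Forwarded-For entry wins, whoever wrote it."""
    if xff_header:
        return ipaddress.ip_address(xff_header.split(",")[0].strip())
    return ipaddress.ip_address(remote_addr)


def resolve_client_ip(remote_addr, xff_header):
    """Hardened pattern: derive the client address without trusting client input.

    The header is only consulted when the socket peer is a known proxy. The chain
    is then read right to left; each trusted proxy hop is discarded and the first
    untrusted hop is the client. Entries further left were supplied by the client
    itself and are ignored.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not xff_header or not _is_trusted_proxy(peer):
        return peer  # direct connection: header cannot be trusted, use the peer
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    client = peer
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop and keep the last verified address
        client = addr
        if not _is_trusted_proxy(addr):
            break  # first hop not under our control is the real client
    return client


def is_allowed(client):
    return any(client in net for net in ALLOWED_CLIENTS)


if __name__ == "__main__":
    # Direct connection from 198.51.100.7 carrying a forged allowlisted address.
    forged = "203.0.113.10"
    print("naive   :", is_allowed(naive_client_ip("198.51.100.7", forged)))    # True
    print("hardened:", is_allowed(resolve_client_ip("198.51.100.7", forged)))  # False
```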
Fix
Weakness Enumeration
Insufficient Verification of Data Authenticity
Related Identifiers
Affected Products
Hdp Server