PT-2025-34712 · Pypi · Request-Filtering-Agent

Ikkisoft · Published 2025-08-25 · Updated 2025-08-26 · CVE-2025-57814

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: request-filtering-agent versions 1.x.x and earlier
Description: request-filtering-agent is an http(s).Agent implementation designed to block requests to Private/Reserved IP addresses. HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows potential access to internal HTTPS services running on localhost, bypassing the library’s Server-Side Request Forgery (SSRF) protection. The issue is particularly dangerous when applications accept user-controlled URLs and internal services are protected only by network-level restrictions.
Recommendations: Upgrade to request-filtering-agent version 2.0.0 or later.
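
To act on the recommendation above, the following added example (not code from the advisory or from the request-filtering-agent project) scans a parsed package-lock.json for installed copies of the package older than 2.0.0, including transitive ones. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag request-filtering-agent installs below the fixed release.
const PKG = "request-filtering-agent";

// Affected per the advisory: anything before 2.0.0 (pre-releases of 2.0.0 included).
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.*)?/.exec(String(version));
  if (m === null) return true; // git URL, tag, missing: report for manual review
  const [major, minor, patch] = [m[1], m[2], m[3]].map(Number);
  if (major < 2) return true;
  return major === 2 && minor === 0 && patch === 0 && m[4] !== undefined;
}

// `lock` is the object obtained from JSON.parse() of a package-lock.json.
function findAffected(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isPkg = path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`);
    if (isPkg && isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  // lockfileVersion 1: nested "dependencies" tree (only when "packages" is absent).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}${name}`;
      if (name === PKG && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path} > `);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (version numbers are illustrative only).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app" },
    "node_modules/request-filtering-agent": { version: "1.1.2" },
    "node_modules/foo/node_modules/request-filtering-agent": { version: "2.0.1" },
    "node_modules/bar/node_modules/request-filtering-agent": { version: "2.0.0-beta.1" },
  },
};

for (const hit of findAffected(SAMPLE_LOCK)) {
  console.log(`upgrade needed: ${hit.path} @ ${hit.version}`);
}
```

A non-empty result means at least one dependency path still resolves to an affected copy, so upgrading only the top-level dependency may not be enough.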

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-57814
GHSA-PW25-C82R-75MM

Affected Products

Request-Filtering-Agent