
4 matches found

Vulnrichment
added 2025/09/08 9:17 p.m., 3 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

CVSS 8.6, AI score 6.6, EPSS 0.00099
Exploits 0, References 3

Vulnrichment
added 2025/09/08 9:14 p.m., 1 view

CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

CVSS 6.3, AI score 6.3, EPSS 0.00042
Exploits 0, References 3

Cvelist
added 2025/09/08 9:14 p.m., 6 views

CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

CVSS 6.3, EPSS 0.00042
Exploits 0, References 3

CVE
added 2025/09/08 9:14 p.m., 13 views

CVE-2025-57816

CVE-2025-57816 concerns the Fides Webserver API rate limiting. The issue arises in deployments that rely on the built-in IP-based rate limiter in proxied environments (CDNs, proxies, load balancers): limits are applied to the immediate connection IP rather than the client IP, and counters are sto...

CVSS 7.5, AI score 6.3, EPSS 0.00042
Exploits 0, References 3, Affected Software 1