CVE-2025-6505
Summary of CVE-2025-6505: Progress Software’s Hybrid Data Pipeline Server (Linux) versions ≤ 4.6.2.3226 are affected. The root issue is that during an OAuth handshake the server accepts client credentials from both HTTP headers and request parameters, enabling attackers to combine credentials fr...
CVE-2025-6504
HDP Server on Linux versions prior to 4.6.2.2978 is vulnerable to IP-spoofing via the X-Forwarded-For header. Because XFF is client-controlled, a spoofed address that matches a whitelisted range can bypass IP-based access controls, potentially allowing unauthorized access. Exploitation still requ...