CVE-2025-53539 MEDIUM

CVE-2025-53539: ReDoS in fastapi-guard's penetration attempts detector

Vendor Rennf93
Product fastapi-guard
Weakness CWE-1333
Published July 7, 2025
Last update July 7, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None
Availability Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

Description

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempt detection uses regular expressions to scan incoming requests. However, some of the regex patterns used in detection are extremely inefficient and exhibit polynomial-time backtracking when matched against specially crafted inputs, so an unauthenticated remote client can consume server CPU time with a single request (CWE-1333, inefficient regular expression complexity). This vulnerability is fixed in version 3.0.1.

Key dates

Disclosure timeline

July 7, 2025 CVE published
July 7, 2025 Record updated