CVE-2025-69202: axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
axios-cache-interceptor ignores the HTTP Vary header. When a server calls an upstream service using different auth tokens, the cache returns incorrect cached responses, leading to authorization bypass.
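The failure mode described above, as an added example that is not taken from the advisory or from the library's code: a toy cache keyed on method and URL only, beside the same cache keyed on the headers named in `Vary`. The `upstream`, `createCache` and `bobSeesAfterAlice` names, the tokens and the `/me` URL are all constructed for illustration.

```javascript
// Constructed upstream: the body depends on the Authorization header, and the
// response declares that with "Vary: Authorization".
function upstream(req) {
  const user = req.headers.authorization === 'Bearer alice-token' ? 'alice' : 'bob';
  return { headers: { vary: 'Authorization' }, body: `private data for ${user}` };
}

// Parse a Vary header value into sorted, lower-cased request header names.
function parseVary(value) {
  return (value || '').split(',').map((h) => h.trim().toLowerCase()).filter(Boolean).sort();
}

// Hypothetical cache, not the library's implementation.
function createCache(honorVary) {
  const store = new Map();     // cache key -> response
  const varyIndex = new Map(); // "METHOD url" -> header names from the last Vary seen
  let upstreamCalls = 0;

  function keyFor(req) {
    const base = `${req.method} ${req.url}`;
    if (!honorVary) return base; // weak: one entry per URL, shared by every caller
    const names = varyIndex.get(base) || [];
    // strong: the key also carries the request's value for each varying header
    return base + names.map((n) => `|${n}=${req.headers[n] ?? ''}`).join('');
  }

  function get(req) {
    const hit = store.get(keyFor(req));
    if (hit) return hit;
    upstreamCalls += 1;
    const res = upstream(req);
    const names = parseVary(res.headers.vary);
    if (honorVary && names.includes('*')) return res; // "Vary: *" is never reusable
    if (honorVary) varyIndex.set(`${req.method} ${req.url}`, names);
    store.set(keyFor(req), res);
    return res;
  }
  return { get, calls: () => upstreamCalls };
}

const alice = { method: 'GET', url: '/me', headers: { authorization: 'Bearer alice-token' } };
const bob = { method: 'GET', url: '/me', headers: { authorization: 'Bearer bob-token' } };

// Returns what Bob receives after Alice's request has populated the cache.
function bobSeesAfterAlice(honorVary) {
  const cache = createCache(honorVary);
  cache.get(alice);
  return cache.get(bob).body;
}
console.log('Vary ignored:', bobSeesAfterAlice(false));
console.log('Vary honored:', bobSeesAfterAlice(true));
```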
References
- github.com/advisories/GHSA-x4m5-4cw8-vc44
- github.com/arthurfiorette/axios-cache-interceptor
- github.com/arthurfiorette/axios-cache-interceptor/commit/49a808059dfc081b9cc23d48f243d55dfce15f01
- github.com/arthurfiorette/axios-cache-interceptor/security/advisories/GHSA-x4m5-4cw8-vc44
- nvd.nist.gov/vuln/detail/CVE-2025-69202
Detect and mitigate CVE-2025-69202 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.