CVE-2025-67485: HTTP/HTTPS Traffic Interception Bypass in mad-proxy

December 9, 2025 (updated December 10, 2025)

A vulnerability in mad-proxy versions <= 0.3 allows attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic.

References

github.com/advisories/GHSA-wx63-35hw-2482
github.com/machphy/mad-proxy
github.com/machphy/mad-proxy/security/advisories/GHSA-wx63-35hw-2482
nvd.nist.gov/vuln/detail/CVE-2025-67485

Code Behaviors & Features

Detect and mitigate CVE-2025-67485 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →