CVE-2025-54365: FastAPI Guard has a regex bypass
The regular expression that was patched to mitigate the ReDoS vulnerability by limiting the length of the matched string fails to catch inputs that exceed this limit, so over-length inputs bypass the check.
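Added example, not FastAPI Guard's own code: the patterns, limits and sample inputs below are constructed to show the failure mode in Python. A detection regex whose quantifier is capped as a ReDoS mitigation silently stops matching once the input exceeds that cap, shown beside a variant that caps input length first so an accepted input can never exceed the quantifier bound.

```python
import re

# Constructed for illustration; NOT FastAPI Guard's actual rules.
# Both patterns flag a `<script ...>` tag in request data.

ATTR_BOUND = 100          # quantifier bound chosen as a ReDoS mitigation
MAX_INPUT_LEN = 4096      # longest request value the filter will accept

# Vulnerable shape: the quantifier bound is smaller than inputs the filter
# will see, so a tag with more than ATTR_BOUND attribute characters never matches.
BOUNDED_RULE = re.compile(rf"<script[^>]{{0,{ATTR_BOUND}}}>", re.IGNORECASE)

# Hardened shape: the quantifier bound equals the input-length cap enforced
# in gated_detect(), so no input that reaches the regex can exceed it.
GATED_RULE = re.compile(rf"<script[^>]{{0,{MAX_INPUT_LEN}}}>", re.IGNORECASE)


def bounded_detect(value: str) -> bool:
    """Vulnerable: returns False for a script tag with a long attribute run."""
    return BOUNDED_RULE.search(value) is not None


def gated_detect(value: str) -> bool:
    """Hardened: reject over-length input outright (keeps regex work bounded),
    then match with a pattern whose bound the remaining input cannot exceed."""
    if len(value) > MAX_INPUT_LEN:
        return True  # fail closed: an oversize payload is treated as suspicious
    return GATED_RULE.search(value) is not None


def build_sample(attr_len: int) -> str:
    """Constructed sample: a script tag whose attribute run is attr_len chars."""
    return "<script " + "a" * attr_len + ">x</script>"


if __name__ == "__main__":
    for n in (50, 200):
        print(n, bounded_detect(build_sample(n)), gated_detect(build_sample(n)))
```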
References
- github.com/advisories/GHSA-rrf6-pxg8-684g
- github.com/rennf93/fastapi-guard
- github.com/rennf93/fastapi-guard/commit/0829292c322d33dc14ab00c5451c5c138148035a
- github.com/rennf93/fastapi-guard/commit/d9d50e8130b7b434cdc1b001b8cfd03a06729f7f
- github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g
- nvd.nist.gov/vuln/detail/CVE-2025-54365