Jan 2, 2026
Stroom trusted the 'signer' field in AWS ALB headers without verification. Attackers can bring their own ALB signatures to log in as anyone, or inject malicious regions into the signer ARN to trigger SSRF against the AWS Metadata Service (IMDS).
A critical authentication bypass and SSRF vulnerability in GCHQ's Stroom data platform allows attackers to spoof AWS Application Load Balancer identities or reach internal AWS metadata services.
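The check whose absence is described above, as an added example (not code from Stroom or from this page): the `signer` value in the ALB token header is compared against a configured allowlist before it is used for anything, and the region and key id are shape-checked before a key URL is built. The allowlisted ARN, account id and key id are constructed placeholders, the names `public_key_url`, `make_token` and `UntrustedToken` are hypothetical, and ES256 signature verification with the fetched key would follow this step.

```python
import base64
import json
import re

# Assumption: ARN of this deployment's own load balancer (constructed placeholder).
EXPECTED_SIGNERS = frozenset({
    "arn:aws:elasticloadbalancing:eu-west-2:111122223333:"
    "loadbalancer/app/example-alb/0123456789abcdef",
})
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")
KID_RE = re.compile(r"[0-9a-fA-F-]{36}")  # assumption: key ids are UUID-shaped


class UntrustedToken(ValueError):
    """Header rejected before any key fetch or signature check."""


def make_token(header: dict) -> str:
    """Constructed sample input: header.payload.signature with dummy parts."""
    raw = base64.urlsafe_b64encode(json.dumps(header).encode()).decode()
    return f"{raw}.e30=.c2ln"


def public_key_url(token: str, expected=EXPECTED_SIGNERS) -> str:
    """Return the key URL for a token whose signer is allowlisted, else raise."""
    try:
        seg = token.split(".")[0]
        header = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError as exc:
        raise UntrustedToken("unparseable header") from exc
    header = header if isinstance(header, dict) else {}
    signer, kid = header.get("signer"), header.get("kid")
    # 1. Exact match against configuration: a valid signature from some other
    #    load balancer proves nothing about this deployment.
    if not isinstance(signer, str) or signer not in expected:
        raise UntrustedToken(f"unexpected signer: {signer!r}")
    # 2. Region comes from the allowlisted ARN only; it and the key id are
    #    still shape-checked so neither can change the URL's host or path.
    fields = signer.split(":")
    region = fields[3] if len(fields) > 3 else ""
    if not (REGION_RE.fullmatch(region) and isinstance(kid, str)
            and KID_RE.fullmatch(kid)):
        raise UntrustedToken("malformed region or kid")
    return f"https://public-keys.auth.elb.{region}.amazonaws.com/{kid}"


if __name__ == "__main__":
    kid = "12345678-1234-1234-1234-123456789012"  # constructed
    print(public_key_url(make_token({"alg": "ES256", "kid": kid,
                                     "signer": next(iter(EXPECTED_SIGNERS))})))
```
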
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

| Product | Affected Versions | Fixed Version |
|---|---|---|
| Stroom GCHQ | >= 7.2-beta.53, < 7.2.24 | 7.2.24 |
| Stroom GCHQ | 7.3-beta.1 - < 7.3-beta.22 | 7.3-beta.22 |
| Stroom GCHQ | 7.4-beta.1 - < 7.4.4 | 7.4.4 |
| Stroom GCHQ | 7.5-beta.1 | 7.5-beta.2 |

| Attribute | Detail |
|---|---|
| CWE | CWE-290 (Auth Bypass by Spoofing) |
| CVSS | 9.4 (Critical) |
| Attack Vector | Network |
| Exploit Status | PoC Available |
| Impact | Authentication Bypass / SSRF |
| KEV Status | Not Listed |
Authentication Bypass by Spoofing