Improper Control of Interaction Frequency Affecting ethyca-fides package, versions [,2.69.1)


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.05% (17th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-ETHYCAFIDES-12670880
  • published15 Sept 2025
  • disclosed8 Sept 2025
  • creditDave Quinlan

Introduced: 8 Sep 2025

NewCVE-2025-57816  (opens in a new tab)
CWE-799  (opens in a new tab)

How to fix?

Upgrade ethyca-fides to version 2.69.1 or higher.

Overview

ethyca-fides is an Open-source ecosystem for data privacy as code.

Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to inefficient built-in IP-based rate limiting in environments with CDNs, proxies or load balancers. An attacker can overwhelm the system or degrade service availability by sending excessive requests from multiple clients behind a proxy, CDN, or load balancer, thereby bypassing intended request limits.

Note:

This is only exploitable if the deployment relies solely on the built-in rate limiting for protection.

Workaround

This vulnerability can be mitigated by implementing rate limiting externally at the infrastructure level using a WAF, API Gateway, or similar technology.

CVSS Base Scores

version 4.0
version 3.1