
Cloud Vulnerability DB
A community-led vulnerabilities database
Roxy-wi, an open source web interface for managing HAProxy, Nginx, Apache and Keepalived servers, was found to contain a critical authentication bypass vulnerability (CVE-2022-31125). The vulnerability affects versions before 6.1.1.0 and allows remote, unauthenticated attackers to bypass authentication and access admin functionality by sending specially crafted HTTP requests (GitHub Advisory).
The vulnerability received a CVSS v3.1 base score of 10.0 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L). It is classified as CWE-287 (Improper Authentication): attackers can bypass authentication controls through specially crafted HTTP requests. The attack vector is network-based, attack complexity is low, no privileges or user interaction are required, and the scope is changed, with high impact on confidentiality and integrity (NVD, GitHub Advisory).
The vulnerability allows unauthorized access to admin functionality, potentially leading to complete system compromise. The CVSS metrics indicate high impact on both confidentiality and integrity of the system, with a lower impact on availability. This means attackers could access and modify sensitive administrative data without authentication (GitHub Advisory).
Users are advised to upgrade to version 6.1.1.0 or later, which contains a patch for this vulnerability. There are no known workarounds for this issue (GitHub Advisory).
Source: This report was generated using AI