CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability

April 23, 2025 invoker category_cve

Vulnerability Details

Basic Information

Title	CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
Type	cvelist
Published	2025-04-23T16:45:32
Last Seen	2025-04-23T17:07:19
CVSS Score	7.1 (HIGH)

CVSS v3 Details

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	LOW
Availability Impact	NONE

CVE Information

CVE IDs	CVE-2025-1521
CWE	CWE-918
Bulletin Family	cve

Description

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit…

Impact Assessment

Base Score	7.1
Severity	HIGH

View full CVE details