CVE-2025-8020

July 23, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-8020
Type cve
Published 2025-07-23T05:00:01.625Z
Modified 2025-07-23T05:00:01.625Z

Product Information

Vendor n/a
Product private-ip
Version 0

CVSS Information

Base Score 8.2 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P

Affected Products

  • n/a private-ip 0

Additional Information

Source snyk

Description

All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package’s source code.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.