CVE-2025-8267

CVE Details

Basic Information

Title CVE-2025-8267
Type cve
Published 2025-07-28T05:00:00.992Z
Modified 2025-07-28T05:00:00.992Z

Product Information

Vendor n/a
Product ssrfcheck
Version 0

CVSS Information

Base Score 8.2 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P

AI Analysis

AI Description A vulnerability in ssrfcheck allows SSRF attacks due to incomplete IP range checks, specifically missing the multicast range.
AI Severity Medium
AI Vendor Open Source Community
AI Product ssrfcheck
AI Version versions before 1.2.0

Affected Products

  • n/a ssrfcheck 0

Additional Information

Source snyk

Description

Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses.
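The gap described above, shown as an added example (this is not ssrfcheck's code): an IPv4 denylist check run once without 224.0.0.0/4 and once with it. The function names and both range lists are constructed for illustration and cover IPv4 only.

```javascript
// Added example, not ssrfcheck's implementation. IPv4 only.
// Parse a dotted quad to an integer; return null for anything else.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    // Reject leading zeros: some parsers read "010" as octal, so fail closed.
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when the integer address falls inside the CIDR block.
function inCidr(addr, cidr) {
  const [base, bits] = cidr.split('/');
  const size = 2 ** (32 - Number(bits));
  const start = Math.floor(ipv4ToInt(base) / size) * size;
  return addr >= start && addr < start + size;
}

// Build a checker that returns true only for parseable addresses
// outside every denied range.
function makeChecker(denied) {
  return (ip) => {
    const addr = ipv4ToInt(ip);
    if (addr === null) return false; // unparseable input is never allowed
    return !denied.some((cidr) => inCidr(addr, cidr));
  };
}

// Constructed denylist that omits multicast, mirroring the flaw described above.
const INCOMPLETE = [
  '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8',
  '169.254.0.0/16', '172.16.0.0/12', '192.168.0.0/16', '240.0.0.0/4',
];
// Same list with the multicast block 224.0.0.0/4 added.
const HARDENED = [...INCOMPLETE, '224.0.0.0/4'];

const isAllowedIncomplete = makeChecker(INCOMPLETE);
const isAllowedHardened = makeChecker(HARDENED);

console.log(isAllowedIncomplete('224.0.0.1')); // multicast passes the incomplete list
console.log(isAllowedHardened('224.0.0.1'));   // multicast is rejected once the range is listed
```

A regression test for any SSRF filter should include both ends of the multicast block (224.0.0.0 and 239.255.255.255) alongside the usual private and loopback cases.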
