CVE-2025-52362

Critical CVSS 9.1

Overview

Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl parameter can be bypassed, allowing a remote, unauthenticated attacker to submit a specially crafted URL

CWE: CWE-918 Published: 2025-07-21T20:15:41.547

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.1 (CRITICAL)
Detected tags: ssrf, unauth_access (tag impact: HIGH)

Recommended actions:

Deny access to internal/metadata addresses; use outbound allowlists.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags