CVE Daily

CVE-2025-8267

Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Req...

High CVSS 8.2

Overview

Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses.

CWE: CWE-918 Published: 2025-07-28T05:16:20.673
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.2 (HIGH)
  • Detected tags: ssrf (tag impact: MODERATE)

Recommended actions:

  • Deny access to internal/metadata addresses; use outbound allowlists.

Recommended tools

Tags