We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-8267



Description

Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses.

Reserved 2025-07-27 | Published 2025-07-28 | Updated 2025-07-28 | Assigner snyk


HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
HIGH: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P

Problem types

Server-Side Request Forgery (SSRF)

Credits

Liran Tal

References

security.snyk.io/vuln/SNYK-JS-SSRFCHECK-9510756

gist.github.com/lirantal/2976840639df824cb3abe60d13c65e04

github.com/felippe-regazio/ssrfcheck/issues/5

github.com/...ommit/9507b49fd764f2a1a1d1e3b9ee577b7545e6950e

cve.org (CVE-2025-8267)

nvd.nist.gov (CVE-2025-8267)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-8267

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.