CVE-2025-34282

Name of the Vulnerable Software and Affected Versions ThingsBoard versions prior to 4.2.1

Description The software contains a server-side request forgery (SSRF) issue within the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file referencing a remote URL. If the server processes the SVG file and parses external references, it may initiate unintended outbound requests, potentially allowing access to internal services or resources. Server-Side Request Forgery (SSRF) is a web security issue that allows an attacker to make requests on behalf of a server.

Recommendations Update to version 4.2.1 or later.