Spatie · Spatie/Browsershot · CVE-2025-1026
**Name of the Vulnerable Software and Affected Versions**
spatie/browsershot versions prior to 5.0.5
**Description**
The issue is related to improper URL validation through the `setUrl` method, resulting in a Local File Inclusion that allows attackers to read sensitive files. This is a bypass of a previous fix.
**Recommendations**
For versions prior to 5.0.5, update to version 5.0.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `setUrl` method to minimize the risk of exploitation.