PT-2025-12534 · Nossrf · Nossrf

Liran Tal · Published 2025-03-23 · Updated 2025-03-28 · CVE-2025-2691

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: nossrf versions prior to 1.0.4

Description: The issue is related to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.

Recommendations: For versions prior to 1.0.4, update to version 1.0.4 to patch the SSRF flaw. As a temporary workaround, consider restricting the ability to provide hostnames that resolve to local or reserved IP address spaces until a patch is available.
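
A sketch of the hostname check the workaround describes: resolve the name first and refuse it unless every returned address lies outside local and reserved ranges. This is an added example, not nossrf's code or its 1.0.4 fix; the function names, the range list and the sample resolver data are assumptions made for illustration.

```javascript
const net = require('node:net');
const dns = require('node:dns').promises;

// Local and reserved ranges to refuse (assumed list; extend it per policy).
const blocked = new net.BlockList();
for (const [prefix, bits] of [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
]) blocked.addSubnet(prefix, bits, 'ipv4');
for (const [prefix, bits] of [
  ['::', 127], ['fc00::', 7], ['fe80::', 10], ['ff00::', 8],
]) blocked.addSubnet(prefix, bits, 'ipv6');

// True when an address literal must be refused. Fails closed on non-IP input.
function isBlockedAddress(ip) {
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(ip); // IPv4-mapped IPv6
  const addr = mapped ? mapped[1] : ip;
  const family = net.isIP(addr); // 4, 6, or 0 when not an IP literal
  if (family === 0) return true;
  return blocked.check(addr, family === 4 ? 'ipv4' : 'ipv6');
}

// Decide on the resolver's answer: one bad record rejects the whole hostname.
function checkResolved(addresses) {
  if (addresses.length === 0) return { allowed: false, reason: 'no addresses' };
  const bad = addresses.find(isBlockedAddress);
  if (bad) return { allowed: false, reason: `resolves to ${bad}` };
  // Connect to this checked address, not the name, so a second lookup cannot differ.
  return { allowed: true, pinned: addresses[0] };
}

// Resolve, then validate the IPs. `lookup` is injectable so tests stay offline.
async function checkHost(hostname, lookup = (h, o) => dns.lookup(h, o)) {
  const records = await lookup(hostname, { all: true });
  return checkResolved(records.map((r) => r.address));
}

// Constructed resolver data (not real DNS answers) for an offline run.
const SAMPLE = {
  'public.example': ['93.184.216.34'],
  'internal.example': ['127.0.0.1'],
  'mixed.example': ['93.184.216.34', '10.0.0.5'],
};
const stubLookup = async (h) => (SAMPLE[h] || []).map((address) => ({ address }));

for (const host of Object.keys(SAMPLE)) {
  checkHost(host, stubLookup).then((r) => console.log(host, JSON.stringify(r)));
}
```

A string-only check on the hostname cannot make this decision, because the name carries no information about where it resolves.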

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

BDU:2026-07586
CVE-2025-2691
GHSA-VM77-MR48-27WJ

Affected Products

Nossrf