PT-2025-14839 · Unknown · Spatie/Browsershot

Published: 2025-04-04 · Updated: 2025-04-09 · CVE-2025-3192

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions

spatie/browsershot versions 0.0.0 through 3.1

Description

The issue is a Server-side Request Forgery (SSRF) in the setUrl() function, caused by a missing restriction on user input. It enables attackers to access localhost and list all of its directories, and to access localhost files.

Recommendations

For versions 0.0.0 through 3.1, update to a secure version as soon as possible to mitigate the risk of Server-side Request Forgery (SSRF). As a temporary workaround, consider restricting the use of the setUrl() function until a patch is available.
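
One way to restrict what reaches setUrl(), shown as an added example that is not part of this advisory or of spatie/browsershot's own code: the hypothetical helper isUrlSafeForBrowsershot() accepts only http(s) URLs whose host resolves exclusively to public addresses. The sample URLs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of spatie/browsershot. Call it on user input
// before setUrl(): true only for http(s) URLs whose host resolves to public IPs.
function isUrlSafeForBrowsershot(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // Scheme allowlist: anything other than http/https (file:// included) is refused.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }

    $host = trim($parts['host'], '[]'); // parse_url keeps the brackets on IPv6 literals
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $addresses = [$host];
    } else {
        $v4 = gethostbynamel($host) ?: [];
        $v6 = array_column(@dns_get_record($host, DNS_AAAA) ?: [], 'ipv6');
        $addresses = array_merge($v4, $v6);
    }
    if ($addresses === []) {
        return false; // unresolvable host: fail closed
    }

    // Loopback, link-local, RFC 1918 and other reserved ranges are rejected.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($addresses as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

// Constructed sample inputs; IP literals and "localhost" keep the run offline.
$samples = [
    'https://203.0.113.10/report', // documentation-range address standing in for a public host
    'http://localhost/',
    'http://127.0.0.1:8080/admin',
    'http://[::1]/',
    'file:///var/www/',
];
foreach ($samples as $url) {
    printf("%-30s %s\n", $url, isUrlSafeForBrowsershot($url) ? 'allow' : 'reject');
}
```

The check runs once, at validation time: redirects followed by the headless browser and later re-resolution of the hostname are not covered, so egress filtering on the rendering host is still needed.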

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-3192
GHSA-QW64-6VCC-8GHX

Affected Products

Spatie/Browsershot