PT-2025-15123 · Lnbits +1

Published 2025-04-06 · Updated 2025-04-11 · CVE-2025-32013
CVSS v4.0: 9.3 Critical
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: LNbits (affected versions not specified)
Description: A Server-Side Request Forgery (SSRF) vulnerability exists in LNbits' LNURL authentication (LNURL-auth) handling. The application does not validate the callback URL supplied with an LNURL authentication request before requesting it, so an attacker can point the callback at loopback, private or link-local addresses and have the LNbits server fetch internal resources on their behalf. The request is made with the httpx library with redirect following enabled, so a callback on an external host that answers with a redirect to an internal address reaches that address as well; any check on the callback URL therefore has to be applied to every redirect target, not only to the initial URL.
Recommendations: At the time of writing, no version containing a fix for this vulnerability has been identified.
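The following is an added example, not LNbits project code and not the fix the project may ship: it shows the two checks the description calls for, rejecting callback URLs that are, or resolve to, non-global addresses, and following redirects manually so that every Location target is re-checked instead of being followed by the HTTP client. The hostnames, addresses, DNS records and HTTP responses are constructed for the example so it runs offline; `fetch_callback` expects a caller-supplied `fetch` function that makes a single request with redirects disabled (for httpx that would be `follow_redirects=False`, an assumption about how it would be wired in, not code taken from the page).

```python
# Added example, not LNbits project code: validate an LNURL-auth callback URL and
# re-validate every redirect hop. The vulnerable pattern the advisory describes is
# roughly httpx.get(callback_url, follow_redirects=True) with no check on the target.
import socket
from dataclasses import dataclass, field
from ipaddress import IPv6Address, ip_address
from typing import Callable, Dict, List
from urllib.parse import urljoin, urlsplit

class UnsafeCallbackURL(ValueError):  # raised for any URL or redirect target that must not be fetched
    pass

def resolve_host(host: str) -> List:  # default resolver: every A/AAAA record from the system resolver
    return [ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)]

def check_callback_url(url: str, resolve: Callable[[str], List] = resolve_host) -> str:
    """Reject non-https URLs and any host that is, or resolves to, a non-global
    address (loopback, RFC 1918, link-local such as 169.254.169.254, IPv4-mapped IPv6)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise UnsafeCallbackURL(f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeCallbackURL("missing host")
    try:
        addrs = [ip_address(host)]  # literal IP address in the URL
    except ValueError:
        addrs = resolve(host)       # hostname: check every record, not just the first
    if not addrs:
        raise UnsafeCallbackURL(f"{host!r} does not resolve")
    for addr in addrs:
        if isinstance(addr, IPv6Address) and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped  # ::ffff:10.0.0.5 -> 10.0.0.5
        if not addr.is_global:
            raise UnsafeCallbackURL(f"{host!r} resolves to non-global {addr}")
    return url

@dataclass
class Response:  # minimal stand-in for an HTTP response, constructed for this example
    status_code: int
    headers: Dict[str, str] = field(default_factory=dict)
    text: str = ""

def fetch_callback(url: str, fetch: Callable[[str], Response],
                   resolve: Callable[[str], List] = resolve_host, max_redirects: int = 3) -> Response:
    """Follow redirects here, not in the client, so each Location target passes
    check_callback_url before it is requested. `fetch` must do ONE request without
    following redirects, e.g. a wrapper around httpx.get(url, follow_redirects=False)."""
    for _ in range(max_redirects + 1):
        check_callback_url(url, resolve)
        resp = fetch(url)
        if resp.status_code not in (301, 302, 303, 307, 308):
            return resp
        location = resp.headers.get("location")
        if not location:
            raise UnsafeCallbackURL("redirect without Location header")
        url = urljoin(url, location)  # a relative Location stays on the same host
    raise UnsafeCallbackURL("too many redirects")

# Constructed DNS view and HTTP responses so the example runs offline.
FAKE_DNS = {
    "wallet.example.com": ["93.184.216.34"],  # a global address
    "intranet.example.com": ["10.0.0.5"],     # RFC 1918, must never be reached
}
FAKE_HTTP = {  # /bounce and /meta model a malicious LNURL service redirecting the server inward
    "https://wallet.example.com/auth": Response(200, text='{"status": "OK"}'),
    "https://wallet.example.com/bounce": Response(302, {"location": "https://intranet.example.com/admin"}),
    "https://wallet.example.com/meta": Response(302, {"location": "http://169.254.169.254/latest/meta-data/"}),
}

def fake_resolve(host: str) -> List:
    return [ip_address(a) for a in FAKE_DNS.get(host, [])]

def fake_fetch(url: str) -> Response:
    return FAKE_HTTP[url]

def demo() -> Dict[str, str]:
    """Run the constructed cases and return a verdict per callback URL."""
    verdicts = {}
    for url in (
        "https://wallet.example.com/auth",
        "https://wallet.example.com/bounce",
        "https://wallet.example.com/meta",
        "https://127.0.0.1:5000/api/v1/wallet",
        "https://[::ffff:10.0.0.5]/",
        "http://wallet.example.com/auth",
    ):
        try:
            resp = fetch_callback(url, fake_fetch, fake_resolve)
            verdicts[url] = f"allowed ({resp.status_code})"
        except UnsafeCallbackURL as exc:
            verdicts[url] = f"blocked: {exc}"
    return verdicts

if __name__ == "__main__":
    for url, verdict in demo().items():
        print(f"{url:45} {verdict}")
```

Two caveats for anyone adapting this. First, checking resolved addresses before the client connects leaves a DNS-rebinding window: the resolver may return a different answer when the client resolves the name again, so a production fix should pin the checked address into the connection (a custom transport) or resolve once and connect by IP while still sending the original Host/SNI. Second, `ip_address(...).is_global` is False for the RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24), which is why the constructed "global" record above is not one of them; a test suite that uses those ranges for its good-path cases will see them rejected.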

Exploit

SSRF


Weakness Enumeration

Related Identifiers

CVE-2025-32013
GHSA-qp8j-p87f-c8cc
PYSEC-2025-16

Affected Products

Lnbits
Httpx