PT-2025-36946 · Halo · Halo
Published
2025-09-09
·
Updated
2025-09-17
·
CVE-2025-44594
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
halo versions prior to 2.20.17
Description:
The software is vulnerable to a server-side request forgery (SSRF) issue. The vulnerability exists in the
/apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url API endpoint.Recommendations:
Update to a version newer than 2.20.17.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Halo