PT-2025-38254 · Dragonfly · Dragonfly

Gaius-Qi · Published 2025-09-17 · Updated 2025-10-27 · CVE-2025-59346

CVSS v4.0: 7.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Name of the Vulnerable Software and Affected Versions: Dragonfly versions prior to 2.1.0

Description: Dragonfly is a P2P-based file distribution and image acceleration system susceptible to a server-side request forgery (SSRF) vulnerability. This flaw allows users to force Dragonfly2's components to make requests to internal services that are otherwise inaccessible. The issue stems from weak validation of user-supplied URLs when creating Preheat jobs via the Manager API, the pieceManager.DownloadSource method in peer-to-peer communication, and HTTP clients following redirects. This can lead to probing or access of internal HTTP endpoints.

Recommendations: Upgrade to version 2.1.0 or later.
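The description names three weak points with one root cause: a user-supplied URL is fetched without checking where it actually points, and redirects are followed without re-checking. The Go program below is an added example written for this advisory, not Dragonfly's own code or its 2.1.0 fix. It shows the shape of the check a download component needs: parse the URL, restrict the scheme, resolve the host, reject loopback, private, link-local and similar ranges, and run the same check on every redirect target through the client's CheckRedirect hook. The function names, the host table and the addresses are all constructed for the demonstration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
)

// Resolver maps a hostname to addresses; injected so the same check runs against
// the system resolver in production and against a fixed table offline.
type Resolver func(ctx context.Context, host string) ([]netip.Addr, error)

// SystemResolver resolves through Go's default resolver.
func SystemResolver(ctx context.Context, host string) ([]netip.Addr, error) {
	return net.DefaultResolver.LookupNetIP(ctx, "ip", host)
}

// StaticResolver answers from a constructed host -> address table (sample data, not real DNS).
func StaticResolver(table map[string][]string) Resolver {
	return func(_ context.Context, host string) ([]netip.Addr, error) {
		var out []netip.Addr
		for _, s := range table[host] {
			out = append(out, netip.MustParseAddr(s))
		}
		if out == nil {
			return nil, fmt.Errorf("no such host: %s", host)
		}
		return out, nil
	}
}

// disallowedAddr rejects loopback, RFC 1918, link-local (which covers 169.254.0.0/16),
// multicast and unspecified addresses, after unmapping IPv4-in-IPv6 forms.
func disallowedAddr(a netip.Addr) bool {
	a = a.Unmap()
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsInterfaceLocalMulticast() ||
		a.IsMulticast() || a.IsUnspecified()
}

// ValidateSourceURL accepts only http(s) URLs whose host, or every address it resolves
// to, lies outside the disallowed ranges. IP literals are checked directly; shorthand
// such as "127.1" is neither normalised nor resolved, so it fails closed.
func ValidateSourceURL(ctx context.Context, raw string, resolve Resolver) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return nil, errors.New("empty host")
	}
	var addrs []netip.Addr
	if ip, perr := netip.ParseAddr(host); perr == nil {
		addrs = []netip.Addr{ip}
	} else if addrs, err = resolve(ctx, host); err != nil {
		return nil, err
	}
	if len(addrs) == 0 {
		return nil, fmt.Errorf("host %q resolved to no addresses", host)
	}
	for _, a := range addrs {
		if disallowedAddr(a) {
			return nil, fmt.Errorf("host %q maps to disallowed address %s", host, a)
		}
	}
	return u, nil
}

// NewSourceClient returns an http.Client whose redirect hook re-runs the same check on
// every Location target, so a public URL cannot bounce the fetch onto an internal
// endpoint; redirect depth is capped as well.
func NewSourceClient(resolve Resolver) *http.Client {
	return &http.Client{
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 5 {
				return errors.New("too many redirects")
			}
			_, err := ValidateSourceURL(req.Context(), req.URL.String(), resolve)
			return err
		},
	}
}

func main() {
	resolve := StaticResolver(map[string][]string{ // constructed sample records
		"cdn.example.com":  {"203.0.113.10"},
		"dual.example.com": {"203.0.113.10", "10.0.0.5"}, // one internal record is enough to reject
	})
	for _, raw := range []string{"https://cdn.example.com/image.tar", "https://dual.example.com/image.tar", "http://169.254.169.254/", "http://[::1]:8080/"} {
		_, err := ValidateSourceURL(context.Background(), raw, resolve)
		fmt.Printf("%-40s -> %v\n", raw, err)
	}
	_ = NewSourceClient(resolve) // the client to use for the validated fetch
}
```

Two caveats apply in a real deployment. Resolving at validation time and again at connect time leaves a window for a DNS answer to change (rebinding), so the thorough form pins the validated address by dialling it directly through a custom DialContext rather than re-resolving the hostname. And because the advisory lists the Manager API, pieceManager.DownloadSource and redirect handling as separate entry points, the check has to sit in the shared fetch path so that every component, not only the API front door, applies it.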

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-59346
GHSA-G2RQ-JV54-WCPR
GO-2025-3968
OPENSUSE-SU-2025:15576-1
SUSE-SU-2025:3799-1

Affected Products

Dragonfly