PT-2025-45380 · Unknown · Thinkdashboard

Published: 2025-11-06 · Updated: 2025-11-21 · CVE-2025-64327

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ThinkDashboard versions 0.6.7 and below

Description: ThinkDashboard, a self-hosted bookmark dashboard built with Go and vanilla JavaScript, contains a Blind Server-Side Request Forgery (SSRF) issue in the url parameter of the /api/ping?url= API endpoint. An attacker can use it to make the server send arbitrary requests to internal or external hosts. This could potentially allow discovery of open ports on the local machine, hosts on the local network, and open ports on hosts on the internal network.

Recommendations: Update to version 0.6.8 or later.
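For operators reviewing similar URL-checking endpoints in their own Go services, the following added example (not ThinkDashboard's code or its 0.6.8 fix) shows one way to refuse internal destinations at connect time. The names errBlocked, allowedAddr, guardedClient and ping are hypothetical, and the sample URLs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
	"syscall"
	"time"
)

var errBlocked = errors.New("destination not allowed")

// allowedAddr reports whether a resolved "ip:port" is a public unicast address.
func allowedAddr(hostport string) bool {
	ap, err := netip.ParseAddrPort(hostport)
	ip := ap.Addr().Unmap() // treat ::ffff:127.0.0.1 as 127.0.0.1
	return err == nil && ip.IsGlobalUnicast() && !ip.IsPrivate()
}

// guardedClient checks each address after DNS resolution, so hostnames and redirects to internal IPs are refused.
func guardedClient() *http.Client {
	d := &net.Dialer{Timeout: 3 * time.Second, Control: func(_, address string, _ syscall.RawConn) error {
		if !allowedAddr(address) {
			return errBlocked
		}
		return nil
	}}
	return &http.Client{Timeout: 5 * time.Second, Transport: &http.Transport{DialContext: d.DialContext}}
}

// ping is a hypothetical stand-in for the logic behind a /api/ping?url= style handler.
func ping(raw string) error {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Hostname() == "" {
		return errBlocked
	}
	resp, err := guardedClient().Head(u.String())
	if err == nil {
		err = resp.Body.Close()
	}
	return err
}

func main() {
	fmt.Println(ping("http://127.0.0.1:8080/"), ping("gopher://10.0.0.5/")) // constructed inputs
}
```

The check runs in the dialer's Control hook rather than on the URL string, so it applies to the address actually being connected to. Ranges such as 100.64.0.0/10 are not covered by these predicates and would need an explicit deny list.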

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2025-64327, GHSA-P52R-QQ3J-8P78

Affected Products: Thinkdashboard