PT-2025-46842 · Lichess · Lila
Published: 2025-11-13 · Updated: 2026-01-09 · CVE-2025-52186
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Lichess lila versions prior to commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02)
Description
The software contains a Server-Side Request Forgery (SSRF) issue in the game export API. The players parameter is passed to an internal HTTP client without proper validation, potentially allowing attackers to make the server send HTTP requests to arbitrary URLs.
Recommendations
Update Lichess lila to commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) or later.
Affected Products
Lila