CVE-2025-15104

Name of the Vulnerable Software and Affected Versions Nu Html Checker versions prior to commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd

Description The Nu Html Checker (validator.nu) is susceptible to a restriction bypass that enables remote attackers to initiate arbitrary HTTP/HTTPS requests to internal resources, including services on localhost. The application employs hostname-based protections to prevent direct access to localhost and 127.0.0.1, but these safeguards can be circumvented through DNS rebinding techniques or by utilizing domains that resolve to loopback addresses. This allows an attacker to potentially access internal systems and data.

Recommendations Update Nu Html Checker to a version after commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd.