Vulnerabilities > CVE-2025-1447

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

CWE-918

NVD

Published: 2025-02-19

Updated: 2025-02-19

Summary

A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Upgrading to version 1.0.181 is able to address this issue. The patch is identified as 84cea5fe73141689da2e7ec8676d47435bd6423e. It is recommended to upgrade the affected component.

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/kasuganosoras/Pigeon/commit/84cea5fe73141689da2e7ec8676d47435bd6423e
https://github.com/kasuganosoras/Pigeon/releases/tag/1.0.181
https://github.com/sheratan4/cve/issues/2
https://vuldb.com/?ctiid.296134
https://vuldb.com/?id.296134
https://vuldb.com/?submit.501978

Vulnerabilities > CVE-2025-1447 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2025-1447"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2025-1447