Information Disclosure Vulnerability in Rembg Tool by Rembg
CVE-2025-25301

6.9 MEDIUM

Key Information:

CVE Published: 3 March 2025

What is CVE-2025-25301?

Rembg, a tool for automatic image background removal, has an information disclosure vulnerability in versions 2.0.57 and earlier. The /api/remove endpoint accepts a URL query parameter, which lets an attacker make the server fetch and process images from the internal network the Rembg server is attached to. Exploitation could lead to unauthorized viewing of sensitive images, posing a significant risk to privacy and security.

Affected Version(s)

rembg <= 2.0.57

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
