Policy Bypass in Webpack Affects Multiple Versions

CVE-2025-68157

What is CVE-2025-68157?

In Webpack versions from 5.49.0 to just before 5.104.0, a critical vulnerability exists where the HTTP(S) resolver fails to revalidate allowed URIs post-30x redirects. This failure potentially allows an attacker to bypass the configured allow-list, enabling the inclusion of untrusted content in build outputs. Consequently, it may lead to SSRF behavior from the build environment, impacting internal network security. This issue has been addressed in version 5.104.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References