Server-Side Request Forgery in ssrfcheck by Felippe Regazio
CVE-2025-8267

8.8HIGH

Key Information:

Vendor: Felippe Regazio
Status: Ssrfcheck
Vendor: CVE Published:; 28 July 2025

🔔 Create Felippe Regazio Vulnerability Alert

What is CVE-2025-8267?

The ssrfcheck package prior to version 1.2.0 is susceptible to Server-Side Request Forgery (SSRF) due to an incomplete denylist of invalid IP address ranges. Notably, the package inaccurately allows access to the multicast IP address space 224.0.0.0/4. This vulnerability enables attackers to generate crafted requests that target these multicast addresses, potentially compromising system integrity and security.

Affected Version(s)

ssrfcheck 0 < 1.2.0

References

https://security.snyk.io/vuln/SNYK-JS-SSRFCHECK-9510756

https://gist.github.com/lirantal/2976840639df824cb3abe60d...

https://github.com/felippe-regazio/ssrfcheck/issues/5

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Jul 27, 2025

Credit

Liran Tal