Felippe Regazio

1 exploit Active since Jul 2025
CVE-2025-8267 WRITEUP HIGH WRITEUP
ssrfcheck < 1.2.0 - Server-Side Request Forgery via Multicast IP Bypass
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses.
CVSS 8.2