CVE-2025-24354

MEDIUM · EXPLOITED · NUCLEI

imgproxy < 3.27.2 - Server-Side Request Forgery via 0.0.0.0 Address Handling

Title source: llm

Exploitation Summary

CVE-2025-24354 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Admin9961. A Nuclei detection template is also available.

AI-analyzed exploit summary: This script is a scanner for CVE-2025-24354, which exploits an SSRF vulnerability in imgproxy. It enumerates internal services by sending requests through the vulnerable imgproxy instance and analyzing responses.

Description

imgproxy is a server for resizing, processing, and converting images. It does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false, which can expose services on the local host to requests routed through imgproxy. This vulnerability is fixed in 3.27.2.

Exploits (1)

nomisec · SCANNER
by Admin9961 · infoleak
https://github.com/Admin9961/CVE-2025-24354-PoC

Classification: Scanner (90%)
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: imgproxy (version not specified)
Authentication: none needed
Prerequisites: Access to a vulnerable imgproxy instance · Network connectivity to internal services
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)
MEDIUM · VERIFIED · by oksuzkayra
Shodan: http.html:"imgproxy"
FOFA: body="imgproxy"

Scores

CVSS v3: 5.3
EPSS: 0.0222
EPSS Percentile: 84.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

VulnCheck KEV: 2025-11-27
CWE: CWE-918
Status: published
Products (2):
imgproxy/imgproxy 0 - 3.27.2 (Go)
imgproxy/imgproxy < 3.27.2
Published: Jan 27, 2025
Tracked Since: Feb 18, 2026