CVE-2025-69206

Exploit

EPSS 0.01%
Veröffentlicht 29.12.2025 15:55:12
Zuletzt bearbeitet 06.01.2026 16:30:10
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding or open redirect services. This allows an authenticated user to make the server initiate HTTP requests to internal network resources. Version 7.3.3 contains a patch for the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hemmelig ≫ Hemmelig Version < 7.3.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.006

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/HemmeligOrg/Hemmelig.app/security/advisories/GHSA-vvxf-wj5w-6gj5

Vendor Advisory

Exploit

https://github.com/HemmeligOrg/Hemmelig.app/commit/6c909e571d0797ee3bbd2c72e4eb767b57378228

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-69206

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-69206

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-69206

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-69206