https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-06-16T07:00:40.634952+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/13ea5b62-8b01-4779-aaa7-f3d6865c0391/export13ea5b62-8b01-4779-aaa7-f3d6865c03912026-06-16T07:00:41.424797+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "13ea5b62-8b01-4779-aaa7-f3d6865c0391", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-c2fv-2fmj-9xrx", "type": "seen", "source": "https://gist.github.com/alon710/bda89e90af91af7f573f2d831677b6d7", "content": "# CVE-2025-8267: CVE-2025-8267: Server-Side Request Forgery Bypass via Multicast Address Exclusion in ssrfcheck\n\n> **CVSS Score:** 8.8\n> **Published:** 2026-05-05\n> **Full Report:** https://cvereports.com/reports/CVE-2025-8267\n\n## Summary\nThe ssrfcheck npm package before version 1.2.0 contains a Server-Side Request Forgery (SSRF) vulnerability due to an incomplete blocklist of reserved IP address ranges. By omitting the IPv4 Multicast range (224.0.0.0/4), the library allows attackers to bypass validation and issue requests targeting internal network infrastructure.\n\n## TL;DR\nA flaw in the ssrfcheck npm library (< 1.2.0) allows attackers to bypass SSRF protections by providing URLs resolving to IPv4 Multicast addresses. This enables targeted requests against internal services such as UPnP and mDNS.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-918\n- **Attack Vector**: Network\n- **CVSS v4.0**: 8.8 (High)\n- **CVSS v3.1**: 8.2 (High)\n- **EPSS Score**: 0.00119\n- **Exploit Status**: Proof-of-Concept Available\n- **CISA KEV**: Not Listed\n\n## Affected Systems\n\n- Node.js applications utilizing ssrfcheck < 1.2.0\n- Internal network infrastructure exposed to multicast routing (SSDP, UPnP, mDNS)\n- **ssrfcheck**: < 1.2.0 (Fixed in: `1.2.0`)\n\n## Mitigation\n\n- Upgrade the ssrfcheck dependency to version 1.2.0 or later to implement the complete private CIDR blocklist.\n- Enforce network-level egress filtering to drop traffic directed at the 224.0.0.0/4 IPv4 Multicast range.\n- Implement comprehensive strict allow-listing for outbound network connections where business requirements permit.\n- Audit secondary validation logic for missing IPv6 reserves, such as ff00::/8.\n\n**Remediation Steps:**\n1. Run `npm audit` or use equivalent dependency scanning tools to identify projects utilizing vulnerable versions of ssrfcheck.\n2. Update the package.json dependency requirement to `>=1.2.0`.\n3. Execute `npm install` or `yarn install` to update the lockfile and download the patched package.\n4. Deploy the updated application and verify that validation tests utilizing `239.255.255.250` now return a failure state.\n\n## References\n\n- [NVD Record CVE-2025-8267](https://nvd.nist.gov/vuln/detail/CVE-2025-8267)\n- [Snyk Advisory SNYK-JS-SSRFCHECK-9510756](https://security.snyk.io/vuln/SNYK-JS-SSRFCHECK-9510756)\n- [Fix Commit in ssrfcheck repository](https://github.com/felippe-regazio/ssrfcheck/commit/9507b49fd764f2a1a1d1e3b9ee577b7545e6950e)\n- [GitHub Issue #5 Documenting Bypass](https://github.com/felippe-regazio/ssrfcheck/issues/5)\n- [Technical Bypass Gist by lirantal](https://gist.github.com/lirantal/2976840639df824cb3abe60d13c65e04)\n- [GitHub Advisory GHSA-c2fv-2fmj-9xrx](https://github.com/advisories/GHSA-c2fv-2fmj-9xrx)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2025-8267) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-05T20:40:29.000000Z"}2026-05-05T20:40:29+00:00