exploitDog

CVE-2025-32013

Опубликовано: 06 апр. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request to that URL using the httpx library with redirect following enabled. The application doesn't properly validate the callback URL, allowing attackers to specify internal network addresses and access internal resources.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lnbits:lnbits:*:*:*:*:*:*:*:*

Версия до 0.12.12 (исключая)

EPSS

Процентиль: 21%

0.00066

Низкий

7.5 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-qp8j-p87f-c8cc

github

10 месяцев назад

LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback

EPSS

Процентиль: 21%

0.00066

Низкий

7.5 High

CVSS3

Дефекты

CWE-918