CVE-2025-68616

Published: 19 Jan 2026
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources (such as localhost services or cloud metadata endpoints) even when a developer has implemented a custom url_fetcher to block such access. This occurs because the underlying urllib library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.
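
The redirect gap described above, as an added defensive example that is not WeasyPrint's own code: a `url_fetcher`-style function that applies one destination policy to the initial URL and, by hooking urllib's `HTTPRedirectHandler`, to every redirect hop before it is followed. The names `is_allowed_url`, `guarded_url_fetcher`, `BLOCKED_HOSTNAMES` and `simulate_redirect` are this example's own, and the returned dict only assumes the `string` / `mime_type` keys a WeasyPrint fetcher hands back.

```python
import ipaddress
import socket
import urllib.request
from urllib.error import URLError
from urllib.parse import urlsplit

BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}  # denied by name

def is_allowed_url(url, resolver=socket.gethostbyname):
    """Policy applied to every hop: public http(s) destinations only."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower()
    if host in BLOCKED_HOSTNAMES:
        return False
    try:
        addr = ipaddress.ip_address(host)  # IP literal in the URL
    except ValueError:
        try:
            addr = ipaddress.ip_address(resolver(host))  # resolve the hostname
        except (OSError, ValueError):
            return False
    # Loopback, RFC 1918, link-local (cloud metadata) and multicast are denied.
    return addr.is_global and not addr.is_multicast

class RevalidatingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Re-checks each Location target before urllib follows the redirect."""
    def __init__(self, policy):
        self.policy = policy
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if not self.policy(newurl):
            raise URLError(f"redirect to disallowed destination blocked: {newurl}")
        return super().redirect_request(req, fp, code, msg, headers, newurl)

def guarded_url_fetcher(url, timeout=10, policy=is_allowed_url):
    """url_fetcher-style callable: validates the first URL and every redirect hop."""
    if not policy(url):
        raise URLError(f"disallowed URL: {url}")
    opener = urllib.request.build_opener(RevalidatingRedirectHandler(policy))
    with opener.open(url, timeout=timeout) as resp:
        return {"string": resp.read(), "mime_type": resp.headers.get_content_type()}

def simulate_redirect(policy, from_url, to_url, code=302):  # offline one-hop check
    """Returns the new URL if the hop is allowed, None if the policy blocks it."""
    handler = RevalidatingRedirectHandler(policy)
    try:
        return handler.redirect_request(urllib.request.Request(from_url), None, code, "Found", {}, to_url).full_url
    except URLError:
        return None
```

The policy resolves a hostname once and urllib resolves it again when connecting, so a rebinding DNS name can still slip through; in production pin the validated address (or resolve inside the connection layer) rather than relying on this check alone.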

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Ansible Automation Platform 2 | ansible-automation-platform-tech-preview/automation-dashboard-rhel9 | Affected | |

Additional information

Status: Important
Defect: CWE-918
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2430858 (WeasyPrint: WeasyPrint Server-Side Request Forgery (SSRF))

EPSS: 0.00058 (percentile 18%, Low)
CVSS3: 7.5 (High)

Related vulnerabilities

nvd (CVSS3: 7.5, 2 months ago):
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

suse-cvrf (2 months ago):
Security update for python-weasyprint

github (CVSS3: 7.5, 2 months ago):
WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect