5 matches found
CVE-2025-32013
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
CVE-2025-32013
creationtimestamp| type| source ---|---|--- 2025-04-06 20:43:59+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10641 2025-04-06 21:40:16+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lm6fvkpnqa2o 2025-04-06 23:12:17+00:00| seen|...
CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
CVE-2025-32013
CVE-2025-32013 affects LNbits LNURL authentication handling. The SSRF occurs when the server processes a callback URL: it issues an HTTP request to the provided URL with redirects enabled via httpx and does not adequately validate the callback, enabling an attacker to target internal network addr...