3 matches found
CVE-2025-59344 AliasVault Vulnerable to Server-Side Request Forgery via Favicon Extraction
AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request forgery (SSRF) vulnerability exists in the favicon extraction feature of AliasVault API versions 0.23.0 and lower. The extractor fetches a user-supplied URL, parses the returned HTML, and follows...
CVE-2025-59344
AliasVault API <= 0.23.0 is affected by an SSRF in the favicon extraction flow. The extractor fetches a user-supplied URL, parses HTML, and follows . It validates the initial URL to HTTP(S) default ports but follows redirects and does not block loopback/internal IP ranges, allowing an authenti...
AliasVault Code Issue Vulnerability
AliasVault is an open source password manager from AliasVault. A code issue vulnerability exists in AliasVault 0.23.0 and earlier versions that stems from the favicon extraction feature not properly validating redirected requests, which could lead to a server-side request forgery attack...