9 matches found
CVE-2025-69206
Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...
GHSA-VVXF-WJ5W-6GJ5 hemmelig allows SSRF Filter bypass via Secret Request functionality
Summary A Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding e.g., localtest.me which resolves to 127.0.0.1 or ope...
EUVD-2025-205597
hemmelig allows SSRF Filter bypass via Secret Request functionality...
hemmelig allows SSRF Filter bypass via Secret Request functionality
Summary A Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding e.g., localtest.me which resolves to 127.0.0.1 or ope...
CVE-2025-69206
Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...
CVE-2025-69206 Hemmelig has SSRF Filter bypass in Secret Request functionality
Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...
CVE-2025-69206 Hemmelig has SSRF Filter bypass in Secret Request functionality
Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...
CVE-2025-69206
CVE-2025-69206 (Hemmelig) describes an SSRF filter bypass in the Secret Requests webhook URL validation prior to version 7.3.3. The isPublicUrl check blocks private IPs by hostname patterns, but can be bypassed via DNS rebinding (e.g., localtest.me) or open redirects, allowing an authenticated us...
CVE-2025-69206 Hemmelig has SSRF Filter bypass in Secret Request functionality
Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...