Composio SSRF Vulnerability Allowing Arbitrary File Read

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Composio version 0.4.4. This vulnerability allows attackers to read the contents of any file on the system by exploiting the BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS actions.

Impact

Exploitation of this vulnerability allows for arbitrary file read on the server.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

4.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

4.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Composio SSRF Vulnerability Allowing Arbitrary File Read

Vulnerability

Impact

Affected Products

composiohq/composio

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating