Imgproxy Server SSRF Vulnerability Allowing Access to Local Services

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Imgproxy, a tool for resizing and processing images. The issue arises because Imgproxy does not block requests to the loopback address '0.0.0.0', even when the 'IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES' configuration is set to false. This oversight can expose services running on the local host. The vulnerability affects all versions of Imgproxy prior to 3.27.2.
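The gap described above is easy to reproduce in a source-address check: Go's net.IP.IsLoopback only matches 127.0.0.0/8 and ::1, so a filter built on it alone passes 0.0.0.0 (and ::) even though a connection to either lands on the local machine. The following is an added example, not imgproxy's own code, that models a "may this image source be fetched" decision with a weak check beside a hardened one; SourcePolicy, LoopbackOnly, LoopbackOrUnspecified and constructedResolver are hypothetical names, the AllowLoopback field stands in for the IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES switch, and the resolver is a constructed stand-in for DNS so the program runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// LocalHostCheck reports whether an IP address would reach the local host.
type LocalHostCheck func(ip net.IP) bool

// LoopbackOnly rejects only the loopback range (127.0.0.0/8 and ::1).
// 0.0.0.0 and :: are not loopback in the RFC sense, so they pass this check
// even though connecting to them reaches the local machine.
func LoopbackOnly(ip net.IP) bool {
	return ip.IsLoopback()
}

// LoopbackOrUnspecified also rejects the unspecified addresses 0.0.0.0 and ::.
func LoopbackOrUnspecified(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsUnspecified()
}

// SourcePolicy is a hypothetical model of a source-fetch decision (not
// imgproxy's code). AllowLoopback plays the role of
// IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES; Resolve maps a host name to its
// addresses so the policy can be exercised without network access.
type SourcePolicy struct {
	AllowLoopback bool
	IsLocal       LocalHostCheck
	Resolve       func(host string) ([]net.IP, error)
}

// Allowed returns nil when every address the source host resolves to passes
// the policy, or an error naming the first rejected address.
func (p SourcePolicy) Allowed(rawURL string) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return err
	}
	host := u.Hostname()
	if host == "" {
		return errors.New("source URL has no host")
	}
	if p.AllowLoopback {
		return nil // operator explicitly permitted local sources
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // IP literal: no resolution needed
	} else {
		ips, err = p.Resolve(host)
		if err != nil {
			return err
		}
	}
	for _, ip := range ips {
		if p.IsLocal(ip) {
			return fmt.Errorf("source %q resolves to local address %s", host, ip)
		}
	}
	return nil
}

// constructedResolver is a constructed stand-in for DNS: only "localhost" is known.
func constructedResolver(host string) ([]net.IP, error) {
	if host == "localhost" {
		return []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}, nil
	}
	return nil, fmt.Errorf("constructed resolver: unknown host %q", host)
}

func main() {
	// Constructed sample source URLs: the first three are IP literals that
	// all reach the local host, the last resolves there via the stub resolver.
	sources := []string{
		"http://127.0.0.1:8080/image.png",
		"http://0.0.0.0:8080/image.png",
		"http://[::]:8080/image.png",
		"http://localhost:8080/image.png",
	}
	checks := []struct {
		name string
		fn   LocalHostCheck
	}{
		{"loopback-only", LoopbackOnly},
		{"loopback-or-unspecified", LoopbackOrUnspecified},
	}
	for _, c := range checks {
		p := SourcePolicy{AllowLoopback: false, IsLocal: c.fn, Resolve: constructedResolver}
		for _, s := range sources {
			fmt.Printf("%-24s %-34s -> %v\n", c.name, s, p.Allowed(s))
		}
	}
}
```

Running it shows the loopback-only policy returning nil (allowed) for 0.0.0.0 and :: while rejecting 127.0.0.1 and localhost; the hardened policy rejects all four. The design point is that "is this the local host" is broader than "is this a loopback address", so a deny-list on the source side should include the unspecified addresses as well, and the same reasoning applies to any further local ranges an operator decides to block.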

Impact

Exploitation of this vulnerability could lead to unauthorized access to services running on the local host.

Remediation

Upgrade to Imgproxy version 3.27.2 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          6.4
impact          2.5
exploitability  9.0
remediation     7.7
relevance       0.0
threat          3.2
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.