Moderate severityNVD Advisory· Published May 29, 2025· Updated May 29, 2025
Strapi allows Server-Side Request Forgery in Webhook function
CVE-2024-52588
Description
Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@strapi/adminnpm | < 4.25.2 | 4.25.2 |
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-v8wj-f5c7-pvxfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-52588ghsaADVISORY
- github.com/strapi/strapi/security/advisories/GHSA-v8wj-f5c7-pvxfghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.