VYPR
Moderate severityNVD Advisory· Published May 29, 2025· Updated May 29, 2025

Strapi allows Server-Side Request Forgery in Webhook function

CVE-2024-52588

Description

Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
@strapi/adminnpm
< 4.25.24.25.2

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.