Sign in Subscribe

← All advisories

Unrated severityNVD Advisory· Published Sep 9, 2025· Updated Sep 10, 2025

CVE-2025-44594

CVE-2025-44594

Description

halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url.

Affected products

2

halo/halodescription
Halo Dev/Halollm-fuzzy
Range: <=2.20.17

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

meadow-horn-b94.notion.site/halo-ssrf-14c42bd5b11880c09936df07f58f5bedmitre

News mentions

0

No linked articles in our index yet.