High severity8.2NVD Advisory· Published Dec 23, 2025· Updated Apr 29, 2026
CVE-2025-68696
CVE-2025-68696
Description
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
httpartyRubyGems | < 0.24.0 | 0.24.0 |
Affected products
32- osv-coords31 versionspkg:apk/chainguard/gitlab-rails-ce-18.8pkg:apk/chainguard/gitlab-rails-ce-assets-18.1pkg:apk/chainguard/gitlab-rails-ce-assets-18.2pkg:apk/chainguard/gitlab-rails-ce-assets-18.3pkg:apk/chainguard/gitlab-rails-ce-assets-18.4pkg:apk/chainguard/gitlab-rails-ce-assets-18.5pkg:apk/chainguard/gitlab-rails-ce-assets-18.6pkg:apk/chainguard/gitlab-rails-ce-assets-18.7pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.1pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.2pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.3pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.4pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.5pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.6pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.7pkg:apk/chainguard/gitlab-rails-ce-doc-18.1pkg:apk/chainguard/gitlab-rails-ce-doc-18.2pkg:apk/chainguard/gitlab-rails-ce-doc-18.3pkg:apk/chainguard/gitlab-rails-ce-doc-18.4pkg:apk/chainguard/gitlab-rails-ce-doc-18.5pkg:apk/chainguard/gitlab-rails-ce-doc-18.6pkg:apk/chainguard/gitlab-rails-ce-doc-18.7pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.1pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.2pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.3pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.4pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.5pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.6pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.7pkg:apk/chainguard/gitlab-rails-ce-fips-18.8pkg:gem/httparty
< 18.8.8-r0+ 30 more
- (no CPE)range: < 18.8.8-r0
- (no CPE)range: < 18.1.6-r2
- (no CPE)range: < 18.2.8-r3
- (no CPE)range: < 18.3.6-r1
- (no CPE)range: < 18.4.6-r0
- (no CPE)range: < 18.5.4-r1
- (no CPE)range: < 18.6.2-r1
- (no CPE)range: < 18.7.0-r0
- (no CPE)range: < 18.1.6-r4
- (no CPE)range: < 18.2.8-r3
- (no CPE)range: < 18.3.6-r1
- (no CPE)range: < 18.4.6-r0
- (no CPE)range: < 18.5.4-r1
- (no CPE)range: < 18.6.2-r0
- (no CPE)range: < 18.7.0-r0
- (no CPE)range: < 18.1.6-r2
- (no CPE)range: < 18.2.8-r3
- (no CPE)range: < 18.3.6-r1
- (no CPE)range: < 18.4.6-r0
- (no CPE)range: < 18.5.4-r1
- (no CPE)range: < 18.6.2-r1
- (no CPE)range: < 18.7.0-r0
- (no CPE)range: < 18.1.6-r4
- (no CPE)range: < 18.2.8-r3
- (no CPE)range: < 18.3.6-r1
- (no CPE)range: < 18.4.6-r0
- (no CPE)range: < 18.5.4-r1
- (no CPE)range: < 18.6.2-r0
- (no CPE)range: < 18.7.0-r0
- (no CPE)range: < 18.8.8-r0
- (no CPE)range: < 0.24.0
Patches
Vulnerability mechanics
References
5- github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240nvdPatchWEB
- github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4nvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-hm5p-x4rq-38w4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-68696ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/httparty/CVE-2025-68696.ymlghsaWEB
News mentions
0No linked articles in our index yet.