Home > Vulnerability Database > CVE-2025-25301

Mend.io Vulnerability Database

CVE-2025-25301

Good to know:

Date: March 3, 2025

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg server. This issue may lead to Information Disclosure.

Severity Score

4.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-25301

Url: https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg

Url: https://github.com/danielgatis/rembg

Url: https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg/

Url: https://www.mend.io/vulnerability-database/CVE-2025-25301

Severity Score

4.3

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-25301

Good to know:

Date: March 3, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?