Home > Vulnerability Database > CVE-2025-30371

Mend.io Vulnerability Database

CVE-2025-30371

Good to know:

Date: March 28, 2025

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potentially impacted if their Metabase is colocated with other unsecured resources. This is fixed in v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. Migrating to Metabase Cloud or redeploying Metabase in a dedicated subnet with strict outbound port controls is an available workaround.

Severity Score

2.2

Related Resources (3)

Url: https://github.com/metabase/metabase/security/advisories/GHSA-8xf9-9jc8-qp98

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-30371

Url: https://www.mend.io/vulnerability-database/CVE-2025-30371

Severity Score

2.2

Weakness Type (CWE)

Improper Link Resolution Before File Access ('Link Following')

CWE-59

Top Fix

Upgrade Version

Upgrade to version https://github.com/metabase/metabase.git - v0.52.16.4;https://github.com/metabase/metabase.git - v0.53.8

Learn More

CVSS v3.1

Base Score:	2.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-30371

Good to know:

Date: March 28, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?