Home > Vulnerability Database > CVE-2025-52186

Mend.io Vulnerability Database

CVE-2025-52186

Good to know:

Date: November 12, 2025

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to send HTTP requests to arbitrary URLs

Severity Score

6.5

Related Resources (4)

Url: https://hackerone.com/reports/3165242

Url: https://github.com/lichess-org/lila/commit/11b4c0fb00f0ffd8232346f839627005459c8f05c

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-52186

Url: https://www.mend.io/vulnerability-database/CVE-2025-52186

Severity Score

6.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-52186

Good to know:

Date: November 12, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?