Home > Vulnerability Database > CVE-2025-53641

Mend.io Vulnerability Database

CVE-2025-53641

Good to know:

Date: July 11, 2025

Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery (SSRF) condition, which can be exploited to initiate unauthorized outbound requests from the server hosting the Postiz application. This vulnerability is fixed in 1.62.3.

Severity Score

8.2

Related Resources (4)

Url: https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-48c8-25jq-m55f

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-53641

Url: https://github.com/gitroomhq/postiz-app/commit/65eca0e2f22155b43c78724ca43617ee52e42753

Url: https://www.mend.io/vulnerability-database/CVE-2025-53641

Severity Score

8.2

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version https://github.com/gitroomhq/postiz-app.git - v1.62.3

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-53641

Good to know:

Date: July 11, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?