Home > Vulnerability Database > CVE-2025-68696

Mend.io Vulnerability Database

CVE-2025-68696

Good to know:

Date: December 23, 2025

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.

Severity Score

8.2

Related Resources (5)

Url: https://github.com/jnunemaker/httparty

Url: https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240

Url: https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-68696

Url: https://www.mend.io/vulnerability-database/CVE-2025-68696

Severity Score

8.2

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-68696

Good to know:

Date: December 23, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?