CVE-2025-1211
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2025-1211 is a Server-side Request Forgery (SSRF) vulnerability affecting versions of the package hackney. The issue arises from improper handling of URLs by the URI built-in module and hackney, which disagree about the host of the same URL. When a malicious URL such as http://[email protected]/ is used, the URI function will parse the host as 127.0.0.1, while hackney will treat the host as 127.2.2.2. This vulnerability can be exploited when users rely on the URL function for host checking, because the host that was checked is not the host hackney connects to, potentially leading to unauthorized access or data leakage. Users are advised to upgrade to a patched version of hackney to mitigate this risk.
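For callers that check the host before making a request, the following added example (not code from hackney or from this advisory) shows a conservative pre-flight check in Elixir that refuses any URL two parsers could read differently, then returns a normalized URL for the client. The module name SafeUrl, the allowlist and the sample URLs are assumptions made for illustration.

```elixir
defmodule SafeUrl do
  @moduledoc """
  Added example: validate a user-supplied URL before it reaches an HTTP
  client, so the host that is checked is the host that is contacted.
  """

  # Assumption: the only hosts this application is allowed to call.
  @allowed_hosts ["api.example.com"]

  @spec check(String.t()) :: {:ok, String.t()} | {:error, atom()}
  def check(url) when is_binary(url) do
    uri = URI.parse(url)
    host = if is_binary(uri.host), do: String.downcase(uri.host), else: ""

    cond do
      # Test the raw string, not only uri.userinfo: the bug class is two
      # parsers disagreeing about where the authority ends, so any "@" or
      # backslash anywhere in the URL is treated as ambiguous and refused.
      String.contains?(url, ["@", "\\"]) ->
        {:error, :ambiguous_authority}

      # Whitespace and control characters are another source of disagreement.
      url =~ ~r/[\x00-\x20\x7f]/ ->
        {:error, :control_character}

      uri.scheme not in ["http", "https"] ->
        {:error, :bad_scheme}

      host == "" ->
        {:error, :no_host}

      host not in @allowed_hosts ->
        {:error, :host_not_allowed}

      true ->
        # Rebuild from the parsed parts with an explicit path, so the string
        # given to the client has an unambiguous end of authority.
        clean = %{uri | host: host, path: uri.path || "/", userinfo: nil, fragment: nil}
        {:ok, URI.to_string(clean)}
    end
  end
end

# Constructed sample inputs, for illustration only.
for url <- ["https://api.example.com/v1/items", "https://api.example.com",
            "https://user@api.example.com/", "https://other.example.net/",
            "ftp://api.example.com/file"] do
  IO.inspect({url, SafeUrl.check(url)})
end
```

Pass only the string returned in the `{:ok, url}` tuple to the HTTP client, never the original input. This check complements upgrading hackney; it does not replace it.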