CVE-2025-1447

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 19, 2025

CWE ID 918

Summary

CVE-2025-1447 is a critical server-side request forgery vulnerability affecting the kasuganosoras Pigeon 1.0.177 software. This issue lies in the unknown code of the file /pigeon/imgproxy/index.php, allowing remote attackers to manipulate the argument url and trigger server-side requests. Upgrading to version 1.0.181 resolves this issue, with the patch identified as 84cea5fe73141689da2e7ec8676d47435bd6423e. It is strongly advised to implement the upgrade as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3fOEn0
https://www.cve.org/CVERecord?id=CVE-2025-1447
https://nvd.nist.gov/vuln/detail/CVE-2025-1447

Back to Vulnerability Database

CVE-2025-1447

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations