How severe is CVE-2025-1522?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2025-1522?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2025-1522 - HIGH Severity | CVSS 7.1

Vulnerability Description

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-25358.

Related Vulnerabilities

CVE-2020-14296

HIGH

CVSS:7.1(High)

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal netwo...

CWE-9182020

CVE-2021-31828

HIGH

CVSS:7.1(High)

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceedi...

CWE-9182021

CVE-2022-21697

HIGH

CVSS:7.1(High)

Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploy...

CWE-9182022

CVE-2022-2756

HIGH

CVSS:7.1(High)

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

CWE-9182022

CVE-2022-44729

HIGH

CVSS:7.1(High)

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trig...

CWE-9182022

CVE-2023-34370

HIGH

CVSS:7.1(High)

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects ...

CWE-9182023