How severe is CVE-2025-25194?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4 out of 10.

What type of vulnerability is CVE-2025-25194?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2025-25194 - MEDIUM Severity | CVSS 4

Vulnerability Description

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions 0.6.2 and prior of activitypub_federation and versions 0.19.8 and prior of Lemmy, allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request to any Host, Port and URL using a Webfinger Request. As of time of publication, a fix has not been made available.

Related Vulnerabilities

CVE-2024-39338

MEDIUM

CVSS:4.0(Medium)

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

CWE-9182024

CVE-2018-13404

MEDIUM

CVSS:4.1(Medium)

The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9....

CWE-9182018

CVE-2019-6512

MEDIUM

CVSS:4.1(Medium)

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF netwo...

CWE-9182019

CVE-2024-49822

MEDIUM

CVSS:4.1(Medium)

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading ...

CWE-9182024

CVE-2024-56275

MEDIUM

CVSS:4.1(Medium)

Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14.

CWE-9182024

CVE-2025-27907

MEDIUM

CVSS:4.1(Medium)

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially le...

CWE-9182025