Vulnerabilities

Ultimate Guide: CVE-2025-61916 - Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

2026-01-06 0 views admin
Ultimate Guide: CVE-2025-61916 - Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

CVE ID : CVE-2025-61916 Published : Jan. 5, 2026, 10:15 p.m. | 57 minutes ago Description : Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines via helm or other methods to extract things LIKE idmsv1 authentication data. This also includes calling internal spinnaker API's via a get and similar endpoints. Further, depending upon the artifact in question, auth data may be exposed to arbitrary endpoints (e.g. GitHub auth headers) leading to credentials exposure. To trigger this, a spinnaker installation MUST have two things. The first is an artifact enabled that allows user input. This includes GitHub file artifacts, BitBucket, GitLab, HTTP artifacts and similar artifact providers. JUST enabling the http artifact provider will add a

CVE Details

Published
Jan. 5, 2026
Affected Product: GitHub

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-61916github

More from Vulnerabilities

CVE-2025-13753 - WP Table Builder <= 2.0.19 - incorrect authorization to authenticated (subscribe

CVE-2025-13753 - WP Table Builder <= 2.0.19 - incorrect authorization to authenticated (subscribe

2026-01-09 0
CVE-2025-13628 - Tutor LMS – eLearning and online course solution <= 3.9.3 - missing authorizatio

CVE-2025-13628 - Tutor LMS – eLearning and online course solution <= 3.9.3 - missing authorizatio

2026-01-09 0
CVE-2025-69194 - Wget2: arbitrary file write via metalink path traversal in gnu wget2 - 2025 Update

CVE-2025-69194 - Wget2: arbitrary file write via metalink path traversal in gnu wget2 - 2025 Update

2026-01-09 0
CVE-2025-14937 - Frontend Admin by DynamiApps <= 3.28.23 - unauthenticated stored cross-site scri

CVE-2025-14937 - Frontend Admin by DynamiApps <= 3.28.23 - unauthenticated stored cross-site scri

2026-01-09 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views