Vulnerabilities

CVE-2025-69206 - Hemmelig has SSRF Filter bypass in Secret Request functionality

2025-12-29 0 views admin

CVE ID : CVE-2025-69206 Published : Dec. 29, 2025, 3:55 p.m. | 9 minutes ago Description : Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding or open redirect services. This allows an authenticated user to make the server initiate HTTP requests to internal network resources. Version 7.3.3 contains a patch for the issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-69206

Published

Dec. 29, 2025

Attack Vector: network

Impact: SSRF

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-69206

CVE-2025-69206 - Hemmelig has SSRF Filter bypass in Secret Request functionality

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-57460 - Machsol MachPanel Remote File Upload Web Shell Vulnerability

CVE-2025-15191 - D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection

CVE-2025-15193 - D-Link DWR-M920 formParentControl sub_423848 buffer overflow

CVE-2025-15192 - D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting