Security Advisory

CVE-2025-8020

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-23 05:00:01

Last updated 2025-07-23 15:14:07

Assigner snyk

State PUBLISHED

Description

All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the packages source code.

← Browse all CVEs View on cve.org ↗