CVE-2025-68616

Source
https://cve.org/CVERecord?id=CVE-2025-68616
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68616.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68616
Aliases
Published
2026-01-19T15:20:23.702Z
Modified
2026-03-14T12:44:39.168313Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect
Details

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources (such as localhost services or cloud metadata endpoints) even when a developer has implemented a custom url_fetcher to block such access. This occurs because the underlying urllib library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.
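As an added illustration (not WeasyPrint's own code or its patch), the defensive pattern the advisory describes as missing: a urllib redirect handler that re-validates every redirect target against the same destination policy applied to the original URL, wrapped in a custom url_fetcher. The blocked-host policy, the url_fetcher signature and the keys in the returned dict are assumptions for this example.

```python
import ipaddress
import urllib.request
from urllib.parse import urlsplit

# Constructed policy for this example: names that a document renderer
# should never reach. A real deployment tunes this to its own network.
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}

def is_allowed(url):
    """True only for http(s) URLs whose host is not an internal/private target."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False                     # file://, data:, ftp:// and friends are out
    host = parts.hostname.lower().rstrip(".")
    if host in BLOCKED_HOSTNAMES:
        return False
    try:
        ip = ipaddress.ip_address(host)  # IP literal: reject loopback/private/link-local
    except ValueError:
        return True                      # hostname: resolving and re-checking the
    return ip.is_global                  # resolved address is the next hardening step

class PolicyRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Re-check each Location target before urllib follows it.

    urllib's stock handler follows redirects blindly, so a public URL that
    302s to 127.0.0.1 or 169.254.169.254 slips past a fetcher that only
    validated the URL it was handed. This override closes that gap.
    """
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if not is_allowed(newurl):
            raise ValueError(f"redirect to disallowed destination: {newurl}")
        return super().redirect_request(req, fp, code, msg, headers, newurl)

def check_redirect(from_url, to_url):
    """Simulate one 302 hop offline; return the followed URL or None if blocked."""
    req = urllib.request.Request(from_url)
    try:
        return PolicyRedirectHandler().redirect_request(
            req, None, 302, "Found", {}, to_url).full_url
    except ValueError:
        return None

def policy_url_fetcher(url, timeout=10, ssl_context=None):
    """Custom fetcher: validate the first URL, then every redirect hop (assumed API)."""
    if not is_allowed(url):
        raise ValueError(f"disallowed destination: {url}")
    opener = urllib.request.build_opener(
        PolicyRedirectHandler, urllib.request.HTTPSHandler(context=ssl_context))
    with opener.open(url, timeout=timeout) as resp:
        return {"string": resp.read(), "mime_type": resp.headers.get_content_type(),
                "encoding": resp.headers.get_content_charset(),
                "redirected_url": resp.geturl()}
```

Note that checking IP literals alone does not cover a public hostname that resolves to an internal address; resolving the name and applying the same check to the result (and pinning that result for the connection) is the follow-on step.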

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68616.json",
    "cwe_ids": [
        "CWE-601",
        "CWE-918"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/kozea/weasyprint

Affected ranges

Type
GIT
Repo
https://github.com/kozea/weasyprint
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*
v0.1
v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.16
v0.17
v0.17.1
v0.18
v0.19
v0.19.1
v0.19.2
v0.2
v0.20
v0.20.1
v0.20.2
v0.21
v0.22
v0.23
v0.24
v0.25
v0.26
v0.27
v0.28
v0.29
v0.30
v0.31
v0.32
v0.33
v0.34
v0.35
v0.36
v0.37
v0.38
v0.39
v0.4
v0.40
v0.41
v0.42
v0.5
v0.6
v0.7
v0.8
v0.9
Other
v43
v43rc1
v43rc2
v44
v45
v46
v47
v48
v49
v50
v51
v52
v52.*
v52.1
v52.2
v53.*
v53.0
v53.0b1
v53.0b2
v53.1
v53.2
v53.3
v53.4
v54.*
v54.0
v54.0b1
v54.1
v54.2
v54.3
v55.*
v55.0
v55.0b1
v56.*
v56.0
v56.0b1
v56.1
v57.*
v57.0
v57.0b1
v57.1
v57.2
v58.*
v58.0
v58.0b1
v58.1
v59.*
v59.0
v59.0b1
v60.*
v60.0
v60.1
v60.2
v61.*
v61.0
v61.1
v61.2
v62.*
v62.0
v62.1
v62.2
v62.3
v63.*
v63.0
v63.1
v64.*
v64.0
v64.1
v65.*
v65.0
v65.1
v66.*
v66.0
v67.*
v67.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68616.json"