What the vulnerability does
01Description
Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF.
CVSS base score
6.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Key dates
02Disclosure timeline
February 29, 2024
CVE published
May 19, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-13360 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery
CVE-2024-12450 RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow
CVE-2026-53812 OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions
CVE-2025-9269 Server-Side Request Forgery (SSRF) vulnerability found in embedded web server
CVE-2022-46830
