CVE-2025-1026 HIGH

CVE-2025-1026

Vendor N/A

Product spatie/browsershot

Weakness CWE-20 · Input validation

Published February 5, 2025

Last update February 12, 2025

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P

What the vulnerability does

01Description

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:** This is a bypass of the fix for [CVE-2024-21549](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023).

Key dates

02Disclosure timeline

February 5, 2025 CVE published

February 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1026

Related vulnerabilities

CVE-2025-1026

01Description

02Disclosure timeline

03References

04Related CVE