CVE-2025-68696 HIGH

CVE-2025-68696: httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

Vendor Jnunemaker

Product httparty

Weakness CWE-918 · SSRF

Published December 23, 2025

Last update December 24, 2025

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.

Key dates

02Disclosure timeline

December 23, 2025 CVE published

December 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-68696

Related vulnerabilities

04Related CVE

CVE-2026-10586 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery CVE-2017-11148 CVE-2025-46503 WordPress Simple Google Photos Grid plugin <= 1.5 - Server Side Request Forgery (SSRF) Vulnerability CVE-2026-22181 OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch CVE-2025-57943 WordPress Skimlinks Affiliate Marketing Tool plugin <= 1.3.1 - Server Side Request Forgery (SSRF) vulnerability