Rembg is a tool for removing the background from images. In Rembg 2.0.57 and earlier, the /api/remove endpoint accepts a URL query parameter naming an image to be fetched, processed and returned. Because the server fetches whatever URL it is given, an attacker may be able to use this endpoint to retrieve images hosted on the internal network of the rembg server. This issue may lead to Information Disclosure.
CVE ID: CVE-2025-25301
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
Vendor: danielgatis
Product: rembg
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 11.19% (fraction of all scored vulnerabilities with an EPSS score less than or equal to this one)
EPSS Date: 2025-04-01 (date this score was calculated)
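The weakness described above is a server-side request forgery: a user-supplied URL is fetched by the server without checking where it points. The following is an added example, not code from the rembg project, showing the pre-fetch check a defender would put in front of such an endpoint. The function names (`check_fetch_url`, `is_public_ip`) and the sample hostnames are hypothetical; the `resolve` parameter exists so the logic can be exercised offline with a stub resolver in place of live DNS.

```python
"""Pre-fetch URL validation to block SSRF to internal addresses (added example)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _resolve(host: str) -> list[str]:
    """Resolve a hostname to every A/AAAA address it has (live DNS)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_public_ip(ip_text: str) -> bool:
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918, link-local (incl. 169.254.169.254), unspecified,
    reserved and multicast ranges, and unwraps IPv4-mapped IPv6 so that
    ::ffff:10.0.0.1 is judged as 10.0.0.1.
    """
    try:
        ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return False
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global does not exclude IPv4 multicast, so check it explicitly.
    return ip.is_global and not ip.is_multicast


def check_fetch_url(url: str, resolve=_resolve) -> tuple[bool, str]:
    """Return (allowed, reason) for a URL the server has been asked to fetch.

    `resolve` defaults to live DNS; tests inject a stub so this runs offline.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    try:
        ipaddress.ip_address(host)  # literal IP: no DNS lookup needed
        addrs = [host]
    except ValueError:
        addrs = resolve(host)
        if not addrs:
            return False, f"unresolvable host: {host}"
    # Every address the name maps to must be public; one internal A record
    # is enough for the fetcher to end up on the internal network.
    for addr in addrs:
        if not is_public_ip(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; the last one uses live DNS if a network is present.
    for candidate in (
        "http://127.0.0.1:8080/secret.png",
        "http://[::ffff:10.0.0.1]/x.png",
        "http://169.254.169.254/latest/",
        "file:///etc/passwd",
        "http://93.184.216.34/img.png",
    ):
        print(candidate, "->", check_fetch_url(candidate))
```

Two caveats a practitioner should keep in mind when deploying a check like this. First, validation and fetch are separate steps, so a DNS answer that changes between them (DNS rebinding) can defeat a name-based check; the robust fix is to connect to the address that was validated rather than re-resolving the name in the HTTP client. Second, the HTTP client must not follow redirects automatically, or must re-run the same check on every redirect target, since a public host can otherwise redirect the fetcher to an internal address.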