CVE-2025-25301 – rembg

Package

Manager: pip
Name: rembg
Vulnerable Version: >=0 <=2.0.57

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS: 0.00026 pctl0.05732

Details

Rembg allows SSRF via /api/remove Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg server. This issue may lead to Information Disclosure.

Metadata

Created: 2025-03-11T21:31:01Z
Modified: 2025-03-11T21:31:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-r5gx-c49x-h878/GHSA-r5gx-c49x-h878.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-r5gx-c49x-h878
Finding: F100
Auto approve: 1