CVE-2025-14896
📋 TL;DR
CVE-2025-14896 is a server-side request forgery (SSRF) vulnerability in Vega's convert() function when safeMode is enabled and the spec parameter is an array. Attackers can craft malicious Vega diagram specifications to send requests to arbitrary URLs, including local file paths, potentially exposing sensitive information. This affects systems using vulnerable versions of Vega or software that incorporates Vega for diagram rendering.
💻 Affected Systems
- Vega
- Kroki (which uses Vega)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through local file inclusion leading to credential theft, data exfiltration, or remote code execution via chained attacks.
Likely Case
Unauthorized access to internal services, local file reading exposing configuration files or credentials, and potential data leakage.
If Mitigated
Limited impact if network segmentation restricts internal access and file permissions are properly configured.
🎯 Exploit Status
Exploitation requires ability to submit Vega specifications to vulnerable endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Kroki commit f31093cd8a0a1d6999c43d560f62d1e82d59c77e
Vendor Advisory: https://github.com/yuzutech/kroki/commit/f31093cd8a0a1d6999c43d560f62d1e82d59c77e
Restart Required: Yes
Instructions:
1. Update Vega or Kroki to a version containing commit f31093cd8a0a1d6999c43d560f62d1e82d59c77e.
2. Restart the application/service.
3. Verify the fix by testing with malicious payloads.
🔧 Temporary Workarounds
Input Validation
Implement strict input validation to reject array-type spec parameters when safeMode is enabled.
Network Segmentation
Restrict outbound network access from vulnerable systems to prevent SSRF attacks.
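The two workarounds above, as an added example that is not Kroki's or Vega's own code: a pre-parse guard that rejects array-type specs under safeMode and screens dataset URLs against the loopback, link-local and file:// indicators listed under Detection. It assumes specs use Vega's `data: [{ name, url }]` layout; the blocked-host list is a constructed starting point.

```javascript
// Added defensive guard (not Kroki's or Vega's code): enforce the
// "no array spec under safeMode" workaround and screen dataset URLs
// before a spec reaches convert(). Host list is a constructed baseline.
const BLOCKED_HOSTS = new Set(['127.0.0.1', 'localhost', '0.0.0.0', '[::1]', '169.254.169.254']);

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Reasons a dataset URL must not be fetched (empty array means allowed).
function urlProblems(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw));
  } catch (e) {
    // Relative paths could resolve on the local disk: refuse them outright.
    return ['not an absolute URL'];
  }
  const problems = [];
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    problems.push(`scheme ${parsed.protocol} is not allowed`);
  }
  if (BLOCKED_HOSTS.has(parsed.hostname)) {
    problems.push(`host ${parsed.hostname} is loopback or link-local`);
  }
  return problems;
}

// Validate a spec before handing it to convert(). Returns { ok, errors }.
function checkSpec(spec, { safeMode = true } = {}) {
  const errors = [];
  if (!safeMode) return { ok: true, errors };
  if (Array.isArray(spec)) {
    errors.push('spec must be a single object in safeMode, not an array');
  } else if (!isPlainObject(spec)) {
    errors.push('spec must be a JSON object');
  } else {
    const datasets = Array.isArray(spec.data) ? spec.data : [];
    for (const d of datasets) {
      if (!isPlainObject(d) || d.url === undefined) continue;
      for (const p of urlProblems(d.url)) errors.push(`data "${d.name}": ${p}`);
    }
  }
  return { ok: errors.length === 0, errors };
}

// Constructed sample: a spec whose dataset points at a local file.
const SAMPLE_SPEC = { data: [{ name: 'src', url: 'file:///tmp/example.csv' }] };
console.log(checkSpec(SAMPLE_SPEC)); // { ok: false, errors: [ 'data "src": scheme file: is not allowed' ] }
```

A host denylist is an interim control only (alternate IP encodings and DNS rebinding bypass it); pair it with the outbound network restriction and deploy the patched version.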
🧯 If You Can't Patch
- Implement WAF rules to block malicious Vega specifications containing URL patterns.
- Disable or restrict access to Vega rendering endpoints until patching is possible.
🔍 How to Verify
Check if Vulnerable:
Test by submitting a Vega specification with array type containing malicious URL payloads to the convert() endpoint.
Check Version:
Check package.json or similar for Vega/Kroki version and compare against patched versions.
Verify Fix Applied:
Attempt the same malicious payloads after patching; they should be rejected or sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound requests from Vega service
- Errors in Vega parsing logs
- Multiple failed conversion attempts
Network Indicators:
- Unexpected outbound HTTP requests from Vega service to internal IPs or file:// URLs
SIEM Query:
source="vega" AND (url="file://*" OR url="http://127.0.0.1*" OR url="http://169.254.169.254*")