CVE-2025-2691

8.2 HIGH

📋 TL;DR

nossrf versions before 1.0.4 can be bypassed: a hostname that resolves to a local or reserved IP address passes its checks, so an attacker who controls a URL the application fetches can reach loopback, link-local (cloud metadata) and private-network services. This enables internal network probing, service enumeration, or data exfiltration. Any application that relies on a vulnerable nossrf version for SSRF protection is affected.

💻 Affected Systems

Products:
  • nossrf
Versions: All versions before 1.0.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using nossrf for SSRF protection with default configuration is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains access to internal services, exfiltrates sensitive data, or performs lateral movement within the network.

🟠

Likely Case

Internal service enumeration, metadata harvesting from cloud services, or limited data exposure from internal APIs.

🟢

If Mitigated

Limited to failed connection attempts or minimal information disclosure if proper network segmentation and egress filtering are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires control of a hostname or URL that the application passes to nossrf's validation functions before fetching it (a user-supplied webhook, image or fetch URL is the usual path).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.4

Vendor Advisory: https://security.snyk.io/vuln/SNYK-JS-NOSSRF-9510842

Restart Required: No

Instructions:

1. Update package.json to specify "nossrf": "^1.0.4".
2. Run npm update nossrf (this also updates the lockfile).
3. Test application functionality.

🔧 Temporary Workarounds

Input validation enhancement (platform: all)

Resolve each user-supplied hostname yourself (every address it returns, A and AAAA) and reject the request if any of them is loopback, link-local, or private before passing it to nossrf. Then connect to the address you checked rather than resolving a second time, so a DNS answer that changes between check and connect (rebinding) cannot slip through.

🧯 If You Can't Patch

  • Implement network-level egress filtering to restrict outbound connections from application servers
  • Deploy WAF rules to detect and block SSRF patterns in HTTP requests

🔍 How to Verify

Check if Vulnerable:

Check package.json or package-lock.json for nossrf version <1.0.4

Check Version:

npm list nossrf

Verify Fix Applied:

Verify package.json specifies nossrf version >=1.0.4 and run 'npm list nossrf'

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from application servers
  • Requests to internal IP addresses or localhost

Network Indicators:

  • Outbound connections to internal services from application servers
  • DNS queries for internal hostnames

SIEM Query:

source='application_logs' AND (url CONTAINS 'localhost' OR url CONTAINS '127.0.0.1' OR url CONTAINS 'internal' OR url CONTAINS 'metadata')

This is a substring match on the raw URL: it misses alternative IP encodings (decimal, hex, or short dotted forms that still reach 127.0.0.1), misses hostnames that merely resolve to an internal address, and fires on any path containing "internal". Where the proxy or egress log records the address actually connected to, match that field against your internal ranges instead.

🔗 References
