CVE-2025-3192

8.2 HIGH

📋 TL;DR

This SSRF vulnerability in spatie/browsershot allows attackers to make the server request internal network resources, potentially exposing localhost directories and services. Any PHP application using vulnerable versions of this package for web page screenshots is affected.

💻 Affected Systems

Products:
  • spatie/browsershot
Versions: 0.0.0 and above (all versions)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any PHP application that passes user-controlled input to spatie/browsershot's setUrl() function.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could enumerate internal services, access sensitive data on localhost, or pivot to internal network attacks.

🟠 Likely Case

Information disclosure of localhost directory listings and potential access to internal services.

🟢 If Mitigated

Limited impact if network segmentation and input validation are properly implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple SSRF attack requiring only URL manipulation; public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider workarounds or alternative packages.

🔧 Temporary Workarounds

Input Validation and URL Whitelisting

Platform: all

Implement strict validation of URLs passed to the setUrl() function, allowing only trusted domains.

Network Segmentation

Platform: all

Restrict outbound network access from the application server to prevent SSRF attacks.
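The two workarounds above (URL allowlisting and egress restriction) complement each other. The following is an added example of the allowlist check, written for this page and not code from the advisory or from the spatie/browsershot project. It assumes a hypothetical allowlist of trusted hosts (`example.com`) and that the validated URL is what you then hand to the library; the `Browsershot::url()` call is left as a comment so the snippet runs without the package installed.

```php
<?php
declare(strict_types=1);

// Added example, not part of the advisory or of spatie/browsershot.
// Gate every URL through this policy before it reaches setUrl()/url().
final class ScreenshotUrlPolicy
{
    /** @var string[] lower-cased allowlist of trusted hosts (constructed assumption) */
    private array $allowedHosts;

    public function __construct(array $allowedHosts)
    {
        $this->allowedHosts = array_map('strtolower', $allowedHosts);
    }

    /** Returns the URL unchanged if it is safe to render, otherwise throws. */
    public function check(string $url): string
    {
        $parts = parse_url($url);
        if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
            throw new InvalidArgumentException('Malformed URL');
        }
        // Only http/https: file://, gopher:// and friends would let the headless
        // browser read local files or talk to non-HTTP services.
        $scheme = strtolower($parts['scheme']);
        if (!in_array($scheme, ['http', 'https'], true)) {
            throw new InvalidArgumentException("Scheme not allowed: {$scheme}");
        }
        // Embedded credentials make host parsing ambiguous across parsers; reject them.
        if (isset($parts['user']) || isset($parts['pass'])) {
            throw new InvalidArgumentException('Credentials in URL are not allowed');
        }
        $host = strtolower(trim($parts['host'], '[]')); // strip IPv6 brackets
        if (!in_array($host, $this->allowedHosts, true)) {
            throw new InvalidArgumentException("Host not in allowlist: {$host}");
        }
        // Defence in depth: an allowlisted name must not resolve to a loopback,
        // link-local or private address (wildcard or hijacked DNS records).
        foreach ($this->resolve($host) as $ip) {
            if (!self::isPublicIp($ip)) {
                throw new InvalidArgumentException("Host {$host} resolves to non-public address {$ip}");
            }
        }
        return $url;
    }

    /** @return string[] every A/AAAA answer for the host, or the literal IP itself */
    private function resolve(string $host): array
    {
        if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
            return [$host]; // literal IP: nothing to resolve
        }
        $ips = [];
        foreach (dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $record) {
            if (isset($record['ip']))   { $ips[] = $record['ip']; }
            if (isset($record['ipv6'])) { $ips[] = $record['ipv6']; }
        }
        if ($ips === []) {
            throw new InvalidArgumentException("Host {$host} does not resolve");
        }
        return $ips;
    }

    public static function isPublicIp(string $ip): bool
    {
        // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16 and fc00::/7;
        // NO_RES_RANGE rejects loopback, link-local and other reserved ranges.
        return filter_var(
            $ip,
            FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
        ) !== false;
    }
}

// Usage with a constructed allowlist. A loopback target is rejected before any DNS
// lookup happens, because it is not on the allowlist at all.
$policy = new ScreenshotUrlPolicy(['example.com', 'www.example.com']);
foreach (['http://127.0.0.1/', 'http://[::1]/', 'file:///etc/hosts', 'http://user@example.com/'] as $bad) {
    try {
        $policy->check($bad);
    } catch (InvalidArgumentException $e) {
        echo "rejected {$bad}: {$e->getMessage()}\n";
    }
}
// $safeUrl = $policy->check($_GET['url'] ?? '');
// Browsershot::url($safeUrl)->save('shot.png');  // only now hand the URL to the library
```

The resolution step is a best-effort check, not a guarantee: the headless browser performs its own DNS lookup and follows HTTP redirects, so a trusted host whose record changes between the check and the render, or which redirects to an internal address, can still reach the internal network. That residual gap is exactly what the second workaround, restricting outbound access from the application server, is meant to close.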

🧯 If You Can't Patch

  • Implement strict input validation for all URL parameters
  • Use network firewalls to block internal network access from the application

🔍 How to Verify

Check if Vulnerable:

Check if your application uses spatie/browsershot package and calls setUrl() with user input.

Check Version:

composer show spatie/browsershot

Verify Fix Applied:

Test that URL validation prevents access to localhost and internal IP addresses.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound requests to localhost or internal IPs from the application

Network Indicators:

  • HTTP requests to internal addresses from the application server

SIEM Query:

source="application_logs" AND (url CONTAINS "localhost" OR url CONTAINS "127.0.0.1" OR url CONTAINS "::1" OR url MATCHES "10\.\d+\.\d+\.\d+" OR url MATCHES "172\.(1[6-9]|2[0-9]|3[0-1])\.\d+\.\d+" OR url MATCHES "192\.168\.\d+\.\d+")
