Cyber Resilience

CVE-2025-25301

Medium · Public PoC

Published: 03 March 2025
Modified: 07 March 2025
KEV Added: not listed
Patch:
CVSS Score (v4): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0004 (13.4th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-25301 is a medium-severity SSRF (CWE-918) vulnerability in Danielgatis Rembg. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 13.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2025-25301 is an information disclosure vulnerability in Rembg, a tool for removing image backgrounds, affecting versions 2.0.57 and earlier. The issue stems from the /api/remove endpoint, which accepts a URL query parameter to fetch, process, and return an image. An attacker can supply an internal network URL via this parameter, causing the rembg server to retrieve and expose images hosted on its internal network. This flaw is classified as CWE-918 (Server-Side Request Forgery) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact.

Any unauthenticated remote attacker with network access to the rembg server can exploit this vulnerability. By crafting a request to the /api/remove endpoint with a URL pointing to an internal resource, such as a private image server, the attacker tricks the server into fetching the image, processing it for background removal, and returning the result. This enables unauthorized viewing of sensitive internal images without requiring privileges or user interaction.

The GitHub Security Lab advisory (GHSL-2024-161 and GHSL-2024-162) provides further details on this vulnerability at https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg/. Security practitioners should consult this reference for recommended mitigations and patches.

EU & UK References

Vulnerability details

Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg server. This issue may lead to Information Disclosure.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF vulnerability in public-facing /api/remove endpoint enables remote unauthenticated exploitation of the application to access internal resources.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-6514 (shared CWE-918)
CVE-2026-44116 (shared CWE-918)
CVE-2026-21887 (shared CWE-918)
CVE-2026-31910 (shared CWE-918)
CVE-2026-48153 (shared CWE-918)
CVE-2026-45298 (shared CWE-918)
CVE-2026-39362 (shared CWE-918)
CVE-2026-31989 (shared CWE-918)
CVE-2025-27652 (shared CWE-918)
CVE-2026-42352 (shared CWE-918)

Affected Assets

danielgatis rembg, versions ≤ 2.0.57

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI)

prevent: Validates the URL query parameter accepted by the /api/remove endpoint to block SSRF attempts targeting internal network resources.

prevent: Monitors and controls communications at key internal interfaces to prevent the rembg server from fetching unauthorized internal images.

prevent: Enforces flow control policies that prohibit the rembg server from initiating connections to internal network hosts via untrusted inputs.
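As an added illustration of the input-validation and flow-control mitigations listed above, the block below shows an SSRF guard for a user-supplied "fetch this URL" parameter of the kind the /api/remove endpoint accepts: an http(s) scheme allow-list, resolution of the host to its addresses, rejection of loopback, private, link-local, multicast and IPv4-mapped addresses, and re-validation of every redirect hop. This is example code written for this page, not Rembg's code and not taken from the GHSL advisory; the function names, the resolver/fetcher injection, and the FAKE_DNS, fake_resolve and FAKE_SERVER stand-ins are assumptions constructed so the module runs offline.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

# Address ranges an image-fetching endpoint has no business reaching. An
# explicit list is used instead of ipaddress.is_private so results do not
# vary between Python versions.
_BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",   # link-local, includes cloud metadata services
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]
MAX_REDIRECTS = 3


class UnsafeURL(ValueError):
    """Raised when a user-supplied URL must not be fetched server-side."""


def _is_blocked(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 literals (::ffff:10.0.0.1) by their IPv4 form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in _BLOCKED_NETWORKS)


def _resolve(host: str) -> set[str]:
    """Real resolver: every address the host maps to (A and AAAA)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_fetch_url(url: str, resolver=_resolve) -> set[str]:
    """Return the addresses `url` resolves to, or raise UnsafeURL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL("only http(s) URLs may be fetched")
    if parts.username or parts.password:
        raise UnsafeURL("credentials embedded in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURL("URL has no host")
    try:
        addrs = resolver(host)
    except OSError as exc:
        raise UnsafeURL(f"cannot resolve {host}") from exc
    for addr in addrs:
        if _is_blocked(addr):
            raise UnsafeURL(f"{host} resolves to blocked address {addr}")
    return addrs


def is_safe(url: str, resolver=_resolve) -> bool:
    try:
        validate_fetch_url(url, resolver)
        return True
    except UnsafeURL:
        return False


def fetch_with_checks(url: str, fetch_once, resolver=_resolve) -> bytes:
    """fetch_once(url) -> (status, location_header_or_None, body).
    Each hop is validated before it is requested, so a redirect served by
    an allowed host cannot bounce the server into its own network."""
    for _ in range(MAX_REDIRECTS + 1):
        validate_fetch_url(url, resolver)
        status, location, body = fetch_once(url)
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)
            continue
        return body
    raise UnsafeURL("too many redirects")


# --- constructed stand-ins (not real hosts) so the module runs offline ---
FAKE_DNS = {
    "images.example.com": {"203.0.113.10"},
    "localhost": {"127.0.0.1", "::1"},
    "intranet.corp.example": {"10.1.2.3"},
    "metadata.example": {"169.254.169.254"},
}
FAKE_SERVER = {
    "http://images.example.com/cat.png": (200, None, b"\x89PNG fake bytes"),
    "http://images.example.com/relocated": (302, "/cat.png", b""),
    "http://images.example.com/moved":
        (302, "http://intranet.corp.example/secret.png", b""),
}


def fake_resolve(host: str) -> set[str]:
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    try:
        ipaddress.ip_address(host)   # a literal address resolves to itself
        return {host}
    except ValueError:
        raise OSError(f"NXDOMAIN {host}")


def fake_fetch(url: str):
    return FAKE_SERVER.get(url, (404, None, b""))


if __name__ == "__main__":
    for u in ("http://images.example.com/cat.png", "http://localhost/x",
              "http://[::ffff:10.0.0.1]/", "file:///etc/passwd"):
        print(u, "->", "allowed" if is_safe(u, fake_resolve) else "blocked")
    print(fetch_with_checks("http://images.example.com/relocated",
                            fake_fetch, fake_resolve))
```

Two caveats for a real deployment: validation resolves the name once and the HTTP client resolves it again, so a DNS answer that changes between the two lookups (rebinding) slips past a check written this way; connecting to the validated address directly, or performing the check inside the client's connection hook, closes that window. Where the deployment allows it, an allow-list of permitted image hosts is the stronger expression of the flow-control policy than a deny-list of internal ranges.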

References