CVE-2025-24354: imgproxy is vulnerable to SSRF against 0.0.0.0
Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host.
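How a loopback-only filter lets 0.0.0.0 through, shown with Go's standard `net` package. This is an added example, not imgproxy's own code: `naiveLoopbackCheck`, `strictLoopbackCheck` and `blocked` are hypothetical names, and the addresses are constructed samples.

```go
package main

import (
	"fmt"
	"net"
)

// naiveLoopbackCheck (hypothetical) models a filter that only asks
// "is this a loopback address?". 0.0.0.0 is outside 127.0.0.0/8 and is
// not ::1, so IsLoopback() is false and the address is accepted.
func naiveLoopbackCheck(ip net.IP) error {
	if ip.IsLoopback() {
		return fmt.Errorf("loopback source address %s is not allowed", ip)
	}
	return nil
}

// strictLoopbackCheck (hypothetical) also rejects the unspecified
// addresses 0.0.0.0 and ::, the case the advisory says can expose
// services on the local host.
func strictLoopbackCheck(ip net.IP) error {
	if ip.IsLoopback() || ip.IsUnspecified() {
		return fmt.Errorf("local source address %s is not allowed", ip)
	}
	return nil
}

// blocked reports whether check rejects the literal address s.
// Unparseable input is treated as blocked (fail closed).
func blocked(check func(net.IP) error, s string) bool {
	ip := net.ParseIP(s)
	return ip == nil || check(ip) != nil
}

func main() {
	// Constructed sample addresses; 203.0.113.10 is a documentation address.
	samples := []string{"127.0.0.1", "::1", "0.0.0.0", "::", "::ffff:0.0.0.0", "203.0.113.10"}
	for _, s := range samples {
		fmt.Printf("%-16s naive blocked=%-5v strict blocked=%v\n",
			s, blocked(naiveLoopbackCheck, s), blocked(strictLoopbackCheck, s))
	}
}
```

A real source-address filter has to run this check on every resolved IP of the requested host, not only on literal addresses in the URL.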