CVE-2025-53641HIGH 8.2EPSS p15.7%

CVE-2025-53641CVE-2025-53641

Description

Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery (SSRF) condition, which can be exploited to initiate unauthorized outbound requests from the server hosting the Postiz application. This vulnerability is fixed in 1.62.3.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS0.25% probability of exploitation · percentile 15.7% · 2026-06-19T12:03:05Z
Published2025-07-11
Last modified2026-04-15

Underlying weaknesses· 1

CWE-918

References

  1. https://github.com/gitroomhq/postiz-app/commit/65eca0e2f22155b43c78724ca43617ee52e42753
  2. https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-48c8-25jq-m55f

1

TypeTargetConfidenceTier
WeaknessServer-Side Request Forgery (SSRF)cwe-9180%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-40168
CVE
CVE-2026-42556
CVE
CVE-2026-34577
CVE
CVE-2026-40487
CVE
CVE-2026-42298
CVE
CVE-2025-65836
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.