CVE-2025-68696HIGH 8.2EPSS p17.1%

CVE-2025-68696CVE-2025-68696

Description

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS0.26% probability of exploitation · percentile 17.1% · 2026-06-19T12:03:05Z
Published2025-12-23
Last modified2026-04-29

Underlying weaknesses· 1

CWE-918

References

  1. https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240
  2. https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4
  3. https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4

1

TypeTargetConfidenceTier
WeaknessServer-Side Request Forgery (SSRF)cwe-9180%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-2691
CVE
CVE-2025-28197
CVE
CVE-2025-46385
CVE
CVE-2026-39087
CVE
CVE-2025-52362
CVE
Apache HTTP Server-Side Request Forgery (SSRF)
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.