CVE-2025-64430 | parse-community parse-server up to 7.5.3/8.4.0-alpha.1 Parse.File uri server-side request forgery (GHSA-x4qj-2f4q-r4rx)

Inserito da Angelo Barbosa | Nov 8, 2025 | CVE

A vulnerability, which was classified as critical, has been found in parse-community parse-server up to 7.5.3/8.4.0-alpha.1. This issue affects the function Parse.File. The manipulation of the argument uri leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2025-64430. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2025-64430 | parse-community parse-server up to 7.5.3/8.4.0-alpha.1 Parse.File uri server-side request forgery (GHSA-x4qj-2f4q-r4rx)

Post correlati

CVE-2024-12233 | code-projects Online Notice Board up to 1.0 Profile Picture /registration.php img unrestricted upload

CVE-2024-13435 | iwcontribution Ebook Downloader Plugin up to 1.0 on WordPress download sql injection

CVE-2024-11246 | code-projects Farmacia 1.0 /adicionar-cliente.php nome/cpf/dataNascimento cross site scripting

CVE-2024-6943 | ZhongBangKeJi CRMEB up to 5.4.0 CopyTaobaoServices.php downloadImage deserialization