CVE-2025-15414 | go-sonic up to 1.1.4 Theme Fetching API git_fetcher.go FetchTheme uri server-side request forgery

A vulnerability, which was classified as critical, was found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/git_fetcher.go of the component Theme Fetching API. Executing manipulation of the argument uri can lead to server-side request forgery.

The identification of this vulnerability is CVE-2025-15414. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15414 | go-sonic up to 1.1.4 Theme Fetching API git_fetcher.go FetchTheme uri server-side request forgery

Post correlati

CVE-2025-22874 | Google Go up to 1.23.9/1.24.3 crypto-x509 VerifyOptions.KeyUsages certificate validation

CVE-2024-56135 | Progress LoadMaster up to 7.2.60.1 os command injection

CVE-2025-62909 | mrityunjay Smart WeTransfer Plugin up to 1.3 on WordPress authorization

CVE-2023-48864 | SEMCMS 4.8 /web_inc.php languageID sql injection