CVE-2025-64430 | parse-community parse-server up to 7.5.3/8.4.0-alpha.1 Parse.File uri server-side request forgery (GHSA-x4qj-2f4q-r4rx)

Inserito da Angelo Barbosa | Nov 8, 2025 | CVE

A vulnerability, which was classified as critical, has been found in parse-community parse-server up to 7.5.3/8.4.0-alpha.1. This issue affects the function Parse.File. The manipulation of the argument uri leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2025-64430. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2025-64430 | parse-community parse-server up to 7.5.3/8.4.0-alpha.1 Parse.File uri server-side request forgery (GHSA-x4qj-2f4q-r4rx)

Post correlati

CVE-2025-4747 | Bohua NetDragon Firewall 1.0 ip_status.php subnet command injection

CVE-2025-0488 | Fanli2012 native-php-cms 1.0 product_list.php cat sql injection

CVE-2024-40675 | Google Android 12/12L/13/14 Intent.java parseUriInternal denial of service

CVE-2023-6151 | ESKOM Computer e-municipality module up to 104 privileges management