CVE-2025-1447

A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Upgrading to version 1.0.181 is able to address this issue. The patch is identified as 84cea5fe73141689da2e7ec8676d47435bd6423e. It is recommended to upgrade the affected component.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/kasuganosoras/Pigeon/commit/84cea5fe73141689da2e7ec8676d47435bd6423e
https://github.com/kasuganosoras/Pigeon/releases/tag/1.0.181
https://github.com/sheratan4/cve/issues/2
https://vuldb.com/?ctiid.296134
https://vuldb.com/?id.296134
https://vuldb.com/?submit.501978

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en Kasuganosoras Pigeon 1.0.177. Se ha declarado como crítica. Esta vulnerabilidad afecta el código desconocido del archivo /pigeon/imgproxy/index.php. La manipulación de la URL de argumento conduce a Server-Side Request Forgery. El ataque se puede iniciar de forma remota. La actualización a la versión 1.0.181 puede abordar este problema. El parche se identifica como 84CEA5FE73141689DA2E7EC8676D47435BD6423E. Se recomienda actualizar el componente afectado.

19 Feb 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-19 01:15

Updated : 2026-06-17 08:39

NVD link : CVE-2025-1447

Mitre link : CVE-2025-1447

CVE.ORG link : CVE-2025-1447

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-1447", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-1447", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-19T14:50:48.939890Z"}}], "cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "cna@vuldb.com", "affectedData": [{"vendor": "kasuganosoras", "product": "Pigeon", "versions": [{"status": "affected", "version": "1.0.177"}]}]}], "published": "2025-02-19T01:15:09.407", "references": [{"url": "https://github.com/kasuganosoras/Pigeon/commit/84cea5fe73141689da2e7ec8676d47435bd6423e", "source": "cna@vuldb.com"}, {"url": "https://github.com/kasuganosoras/Pigeon/releases/tag/1.0.181", "source": "cna@vuldb.com"}, {"url": "https://github.com/sheratan4/cve/issues/2", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.296134", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.296134", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.501978", "source": "cna@vuldb.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Upgrading to version 1.0.181 is able to address this issue. The patch is identified as 84cea5fe73141689da2e7ec8676d47435bd6423e. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Kasuganosoras Pigeon 1.0.177. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta el c\u00f3digo desconocido del archivo /pigeon/imgproxy/index.php. La manipulaci\u00f3n de la URL de argumento conduce a Server-Side Request Forgery. El ataque se puede iniciar de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.0.181 puede abordar este problema. El parche se identifica como 84CEA5FE73141689DA2E7EC8676D47435BD6423E. Se recomienda actualizar el componente afectado."}], "lastModified": "2026-06-17T08:39:09.070", "sourceIdentifier": "cna@vuldb.com"}