Vulnerability News
sysops

A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the widely used PhpSpreadsheet library, potentially allowing attackers to exploit internal network resources and compromise server security. 

The vulnerability, tracked as CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a CVSS v4.0 score of 8.7.

Key Takeaways1. SSRF in PhpSpreadsheet’s WorksheetDrawing::setPath via malicious HTML image tags.2. Affects < 1.30.0, 2.0.0–2.1.11, 2.2.0–2.3.x, 3.0.0–3.9.x, 4.x 

Related Posts

Arm, a leader in semiconductor technology, has disclosed a series of critical security vulnerabilities affecting its Mali GPU Kernel Drivers…

SSHAmble is a powerful open-source reconnaissance tool designed to identify and exploit vulnerabilities in SSH implementations across internet-facing systems.  Presented…

Zoom has disclosed a critical vulnerability affecting multiple Windows-based clients, potentially allowing attackers to escalate privileges and compromise user systems.…