CVE-2025-27152— Possible SSRF and Credential Leakage via Absolute URL in axios Requests

EPSS 0.21% · P44 Updated Mar 08, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-27152

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Possible SSRF and Credential Leakage via Absolute URL in axios Requests

Source: NVD (National Vulnerability Database)

Vulnerability Description

axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

服务端请求伪造(SSRF)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Axios 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Axios是Axios开源的一款基于Promise（异步编程的一种解决方案）的HTTP客户端。 Axios 1.8.2之前版本存在代码问题漏洞，该漏洞源于传递绝对URL可能导致SSRF和凭据泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
axios	axios	< 1.8.2	-

II. Public POCs for CVE-2025-27152

#	POC Description	Source Link	Shenlong Link
1	Demonstration of CVE-2025-27152	https://github.com/andreglock/axios-ssrf	POC Details
2	Axios CVE-2025-27152 PoC	https://github.com/davidblakecoe/axios-CVE-2025-27152-PoC	POC Details
3	A demonstration of the recent vuln CVE-2025-27152	https://github.com/WillFortMadeTech/axiosVulnExample	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-27152

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: axios

Same vendor: axios

Same weakness: CWE-918

V. Comments for CVE-2025-27152

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-27152— Possible SSRF and Credential Leakage via Absolute URL in axios Requests

I. Basic Information for CVE-2025-27152

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-27152

III. Intelligence Information for CVE-2025-27152

IV. Related Vulnerabilities

V. Comments for CVE-2025-27152

Leave a comment