Key Information

Vulnerability Overview
CVE ID: CVE-2025-55911
Vulnerability Type: SSRF (Server-Side Request Forgery)
Affected Version: ClipBucket 5.5.2 Build #90

Vulnerability Details
Description: Low-privileged users can trigger an SSRF vulnerability via the parameter, which is used in the file.
Impact: Allows access to internal services, local files, private-range cloud provider metadata configurations, and network services.

Impact
Vulnerability Type: Server-Side Request Forgery (SSRF) - Process Access Control
Affected Versions: ClipBucket 5.5.2 Build #90 (confirmed); related code in the v6 branch
Potential Risks: Internal service discovery, potential metadata/key exposure (e.g., cloud metadata), and probing of internal services. Authentication may be required (non-privileged).

Mitigation Recommendations
Validate and restrict the parameter: allow only known safe hosts or use an allowlist, and block private IP ranges, loopback, link-local, and cloud metadata endpoints.
Intercept requests: allow only the http and https protocols and disable all other protocols.
Server-side URL validation: perform network requests through trusted services.
Apply network policy rules: use firewall / application firewall rules to restrict connections to internal service targets.

Reference Links
GitHub Issue [CVE: CVE-2025-55911]
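The validation steps listed under Mitigation Recommendations, carried through as an added example in PHP (ClipBucket's language); this is not ClipBucket's own code or patch. The function names, the administrator-supplied host allowlist and the use of curl's CURLOPT_RESOLVE to pin the checked address are my assumptions; the address-range filter relies on PHP's documented FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE behaviour.

```php
<?php
// Added example, not ClipBucket's code: check a user-supplied URL before the server fetches
// it (http/https only, optional host allowlist, every resolved address range-checked, pinned on connect).
function address_is_blocked(string $ip): bool
{
    // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16, fc00::/7.  NO_RES_RANGE: 0/8, 127/8,
    // 169.254/16 (covers 169.254.169.254), 240/4, ::1, ::, ::ffff:0:0/96, fe80::/10.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;
}
// Returns ['host', 'ip', 'port'] for a URL that is safe to fetch, null otherwise.
// An empty $allowed_hosts skips only the allowlist check; the range checks still apply.
function validate_outbound_url(string $url, array $allowed_hosts): ?array
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host']) || isset($p['user'])) {
        return null;                                // unparsable, or credentials in the URL
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;                                // no file://, gopher://, dict://, ftp://
    }
    $host = strtolower(trim($p['host'], '[]'));     // strip IPv6 literal brackets
    if ($allowed_hosts !== [] && !in_array($host, $allowed_hosts, true)) {
        return null;
    }
    // Reject if ANY resolved address is internal (a name may round-robin public/private).
    $addrs = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host]
        : array_merge(gethostbynamel($host) ?: [],
                      array_column(dns_get_record($host, DNS_AAAA) ?: [], 'ipv6'));
    if ($addrs === [] || array_filter($addrs, 'address_is_blocked') !== []) {
        return null;
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    return ['host' => $host, 'ip' => $addrs[0], 'port' => $port];
}
function fetch_checked(string $url, array $allowed_hosts): ?string
{
    if (($t = validate_outbound_url($url, $allowed_hosts)) === null) return null;
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,            // a redirect is the classic bypass
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$t['host']}:{$t['port']}:{$t['ip']}"], // pin checked IP
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch); curl_close($ch);
    return $body === false ? null : $body;
}
```

Because redirects are disabled, a feature that legitimately needs to follow them should re-run validate_outbound_url() on each Location header rather than re-enabling CURLOPT_FOLLOWLOCATION.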