Critical Vulnerability Information

Vulnerability Overview

Type: Blind Server-Side Request Forgery (SSRF)
Affected Versions: <= 0.6.7
Fixed Version: 0.6.8
CVE ID: CVE-2025-64327
Severity: Medium (CVSS v3 base score: 5.3)

Vulnerability Description

A blind Server-Side Request Forgery (SSRF) vulnerability exists in the endpoint, allowing attackers to send arbitrary requests to internal or external hosts. This could include discovering local machines, hosts on the local network, and open ports on internal network hosts.

Details

The endpoint is used solely to determine whether the URL pointed to by a bookmark is accessible. No validation is performed on the URL passed via the parameter to . Attackers can enumerate open ports and live hosts by passing arbitrary URLs.

Proof of Concept (PoC)

1. Run a simple HTTP server:
2. Send a request:
3. Observe the request:

Impact

Attackers can automate this process using simple scripts to enumerate all IP addresses in the network and verify whether hosts are alive. Attackers can map the network, including live hosts, open ports on the local machine, and open ports on other hosts within the internal network.