SSRF in Danielgatis Rembg

CVE-2025-25301

Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to vi…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (13.3th percentile)

Affected products

Weakness classification (CWE)

References