Vulnerability in Danielgatis Rembg

CVE-2025-25302

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API…

EPSS: 0.000 (13.0th percentile) — read the EPSS interpretation.

Affected products

Danielgatis Rembg — versions <= 2.0.57

Weakness classification (CWE)

CWE-346 — Origin Validation Error

References

https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg/ (x_refsource_CONFIRM)
https://github.com/danielgatis/rembg/blob/d1e00734f8a996abf512a3a5c251c7a9a392c90a/rembg/commands/s_command.py#L93 (x_refsource_MISC)