SSRF in Gitroomhq Postiz-app

CVE-2025-53641

Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery (SSRF) c…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.003 (49.3rd percentile).

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Frequently asked questions

What is CVE-2025-53641?
CVE-2025-53641 is a high-severity vulnerability in Gitroomhq Postiz-app, classified under Server-Side Request Forgery (SSRF). CVSS score: 8.2/10. Published 2025-07-11.
How severe is CVE-2025-53641?
High severity. CVSS v3 base score is 8.2 out of 10.