Vulnerability in Safedep Vet

CVE-2025-59163

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to…

EPSS: 0.002 (40.1th percentile).
