Vulnerability Database

309,135

Total vulnerabilities in the database

CVE-2025-53641

Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery (SSRF) condition, which can be exploited to initiate unauthorized outbound requests from the server hosting the Postiz application. This vulnerability is fixed in 1.62.3.

Published: Jul 11, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-53641
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWEs:

CWE-918

Affected Software
References

No affected software listed.

https://github.com/gitroomhq/postiz-app/commit/65eca0e2f22155b43c78724ca43617ee52e42753
https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-48c8-25jq-m55f

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo