Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 22 Sep 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:* | |
Metrics |
cvssV3_1
|
cvssV3_1
|
Wed, 12 Mar 2025 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Fri, 07 Mar 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 07 Mar 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2. | |
Title | Possible SSRF and Credential Leakage via Absolute URL in axios Requests | |
Weaknesses | CWE-918 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-03-07T19:32:17.511Z
Reserved: 2025-02-19T16:30:47.779Z
Link: CVE-2025-27152

Updated: 2025-03-07T19:32:13.477Z

Status : Analyzed
Published: 2025-03-07T16:15:38.773
Modified: 2025-09-22T18:52:22.807
Link: CVE-2025-27152


Updated: 2025-07-12T15:26:10Z