CVE-2025-15104 in Nu Html Checkerinfo

Zusammenfassung

von MITRE • 16.01.2026

Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses.This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd).

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Fluid Attacks

Reservieren

26.12.2025

Veröffentlichung

16.01.2026

Moderieren

akzeptiert

Eintrag

VDB-341565

CPE

bereit

CWE

CWE-918 (bestätigt)

CVSS

5.3 (NVD)

EPSS

0.00029

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-15104
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-15104
CVE Details	https://www.cvedetails.com/cve/CVE-2025-15104/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!