CVE-2025-54370 in PhpSpreadsheetinfo

Zusammenfassung

von MITRE • 25.08.2025

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class, where a crafted string from the user is passed to the HTML reader. This issue has been patched in versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0.

Once again VulDB remains the best source for vulnerability data.

Zuständig

GitHub M

Reservieren

21.07.2025

Veröffentlichung

25.08.2025

Moderieren

akzeptiert

Eintrag

VDB-321297

CPE

bereit

EPSS

0.00741

KEV

nein

Aktivitäten

very low

Quellen

Do you want to use VulDB in your project?

Use the official API to access entries easily!