@Shulelk
Created July 20, 2025 03:25
CVE-2025-52362

PHProxy Server-Side Request Forgery (SSRF) vulnerability

Title: PHProxy Server-Side Request Forgery (SSRF) vulnerability

Advisory ID: CVE-2025-52362

Type: Remote

Impact: Information Disclosure, Bypass of server-side network controls

Release Date: 2025/7/20

Summary

PHProxy is a web HTTP proxy written in PHP. It is designed to bypass proxy restrictions through a web interface very similar to the popular CGIProxy.

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl parameter can be bypassed, allowing a remote, unauthenticated attacker to submit a specially crafted URL.
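
One way a PHP proxy can vet a requested destination by its resolved address before fetching it, shown as an added example that is not PHProxy's code and does not reproduce the bypass, which this advisory does not detail. The function names `is_public_ip` and `check_proxy_target`, the stub resolver and the sample hosts are assumptions constructed for illustration.

```php
<?php
// Added example, not PHProxy code. is_public_ip() and check_proxy_target()
// are hypothetical helper names.

// True only for addresses outside the private and reserved ranges that
// PHP's filter flags cover (RFC 1918, loopback, link-local, ::1, fc00::/7, ...).
function is_public_ip(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

// Returns [true, ip-to-connect-to] or [false, reason].
// $resolver maps a host name to a list of IPs; it defaults to real DNS.
function check_proxy_target(string $url, ?callable $resolver = null): array
{
    $resolver ??= fn(string $h) => gethostbynamel($h) ?: [];
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return [false, 'unparseable URL'];
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return [false, 'scheme not allowed'];
    }
    $host = trim($parts['host'], '[]');          // parse_url keeps IPv6 brackets
    // Judge the address the request would reach, not the text of the host.
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : $resolver($host);
    if ($ips === []) {
        return [false, 'host does not resolve'];
    }
    foreach ($ips as $ip) {                      // every returned record must be public
        if (!is_public_ip($ip)) {
            return [false, "resolves to non-public address $ip"];
        }
    }
    return [true, $ips[0]];
}

// Constructed sample data; the stub resolver stands in for DNS so this runs offline.
$dns  = ['example.test' => ['93.184.216.34'], 'intranet.example.test' => ['10.0.0.5']];
$stub = fn(string $h) => $dns[$h] ?? [];
$samples = ['http://example.test/', 'http://intranet.example.test/',
            'http://127.0.0.1/', 'http://[::1]/', 'ftp://example.test/'];
foreach ($samples as $u) {
    [$ok, $info] = check_proxy_target($u, $stub);
    printf("%-32s %s (%s)\n", $u, $ok ? 'ALLOW' : 'DENY', $info);
}
```

The fetch should then connect to the address that was checked (for example via cURL's `CURLOPT_RESOLVE`) and repeat the check on every redirect target. `gethostbynamel()` returns IPv4 records only, so a deployment that reaches IPv6 hosts needs a resolver that also returns AAAA records.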

Vendor

PHProxy - https://github.com/PHProxy/phproxy

Affected Version

PHProxy - v1.1.1 and prior

PoC

https://f0rget.me/2025/06/13/phproxy-server-side-request-forgery-ssrf-vulnerability/

Discoverer

Shule - [email protected]

Contact

Shule

Web: https://f0rget.me/

e-mail: [email protected]
