CVE-2025-52477 – Octo-STS GitHub App SSRF Vulnerability

June 26, 2025

CVE ID : CVE-2025-52477

Published : June 26, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Upgrade to v0.5.3 to resolve this issue. This version includes patch sets to sanitize input and redact logging.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleKelpUI

Next Article CVE-2024-52928 – Arc Browser Privilege Escalation Vulnerability

Highlights

CVE-2025-20130 – “Cisco ISE File Upload Vulnerability”

June 4, 2025

CVE ID : CVE-2025-20130

Published : June 4, 2025, 5:15 p.m. | 2 hours, 21 minutes ago

Description : A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device.

This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-52477 – Octo-STS GitHub App SSRF Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Beginner’s Guide to Playwright Testing in Next.js

The Turing Test has a problem – and OpenAI’s GPT-4.5 just exposed it

Affordable 4o Image API for Fast Image Generation

Vibe Loop: AI-native reliability engineering for the real world

CVE-2025-20130 – “Cisco ISE File Upload Vulnerability”

Build a scalable AI video generator using Amazon SageMaker AI and CogVideoX

New Opossum Attack Allows Hackers to Compromise Secure TLS Channels with Malicious Messages

10+ Best Free Portfolio & Lookbook Templates for InDesign in 2025

CVE-2025-52477 – Octo-STS GitHub App SSRF Vulnerability

Related Posts