Description

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery (SSRF) vulnerability, in its `/api/ping?url= endpoint`. This allows an attacker to make arbitrary requests to internal or external hosts. This can include discovering ports open on the local machine, hosts on the local network, and ports open on the hosts on the internal network. This issue is fixed in version 0.6.8.

INFO

Published Date :

2025-11-06T21:07:17.672Z

Last Modified :

2025-11-06T21:29:15.660Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64327 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64327.

URL Resource
https://github.com/MatiasDesuu/ThinkDashboard/commit/16976263b22a4b0526b2c7c30294cc099258edae cve-icon cve-icon
https://github.com/MatiasDesuu/ThinkDashboard/releases/tag/0.6.8 cve-icon cve-icon
https://github.com/MatiasDesuu/ThinkDashboard/security/advisories/GHSA-p52r-qq3j-8p78 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact