CVE-2025-24354 Information

Description

imgproxy is server for resizing processing and converting images. Imgproxy does not block the 0.0.0.0 address even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2.

Reference

https://github.com/imgproxy/imgproxy/commit/3d4fed6842aa8930ec224d0ad75b0079b858e081 https://github.com/imgproxy/imgproxy/security/advisories/GHSA-j2hp-6m75-v4j4