CVE-2025-68696 — Server-Side Request Forgery in Httparty

CWE-918 — Server-Side Request Forgery8 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 81.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jnunemaker Httparty

Timeline

PublishedDec 23

Description

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDjnunemaker/httparty< 0.24.0

▶RubyGemsjnunemaker/httparty< 0.24.0

▶CVEListV5jnunemaker/httparty0.23.2

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-68696: httparty is an API tool↗2025-12-23

▶

CVEList

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage↗2025-12-23

▶

GHSA

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage↗2025-12-23

▶

OSV

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage↗2025-12-23

▶

📋Vendor Advisories

Red Hat

httparty: Httparty: Server-Side Request Forgery (SSRF) allows information disclosure and unauthorized internal access.↗2025-12-23

▶

Debian

CVE-2025-68696: ruby-httparty - httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68696 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶