CVE-2025-27152 (Medium) Detected in axios-1.8.1.tgz: A Threat to Your Application's Security
Introduction
In today's digital landscape, security is a top priority for developers and organizations alike. With the increasing reliance on open-source libraries, the risk of vulnerabilities is higher than ever. In this article, we will delve into the details of CVE-2025-27152, a medium-severity vulnerability detected in axios-1.8.1.tgz. We will explore the impact of this vulnerability, its CVSS 3 score, and the suggested fix to ensure your application's security.
CVE-2025-27152: A Threat to Your Application's Security
axios is a popular promise-based HTTP client for the browser and node.js. However, a vulnerability was discovered in version 1.8.1 (shipped as axios-1.8.1.tgz) which can lead to Server-Side Request Forgery (SSRF) and credential leakage. The issue occurs when an absolute URL, rather than a protocol-relative URL, is passed to axios as the request URL, even if baseURL is set.
Instead of combining the request URL with baseURL, axios sends the request to the absolute URL exactly as given, so a request carrying the client's configured headers and credentials can end up at a host the developer never intended; that is what makes SSRF and credential leakage possible. The issue affects both server-side and client-side usage of axios. The good news is that it is fixed in version 1.8.2.
Vulnerability Details
- Publish Date: 2025-03-07
- URL: https://www.mend.io/vulnerability-database/CVE-2025-27152
- Impact: SSRF and credential leakage
- Fixed in: 1.8.2
CVSS 3 Score Details
The CVSS 3 score for CVE-2025-27152 is 5.5, indicating a medium-severity vulnerability. The CVSS 3 score is calculated based on the following metrics:
- Base Score Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
The suggested fix for CVE-2025-27152 is to upgrade to version 1.8.2 or later. This fix is available on GitHub, and the release date is 2025-03-07.
- Type: Upgrade version
- Origin: https://github.com/advisories/GHSA-jr5f-v2jv-69x6
- Release Date: 2025-03-07
- Fix Resolution: 1.8.2
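Before and after applying the upgrade it helps to know exactly which copies of axios a project actually installs, since a transitive dependency can pin its own nested copy. The following is an added example (not Mend's or axios's code) that reads a package-lock.json structure, lists every installed axios, and flags those older than the fixed release 1.8.2 named above. It handles lockfileVersion 2/3 (the "packages" map) and the older v1 layout (nested "dependencies"). The lockfile and the package name some-sdk are constructed for the example.

```javascript
// Added example: find every installed copy of axios in a package-lock.json
// and report the ones below the fixed release.
const FIXED_VERSION = "1.8.2"; // from the advisory's fix resolution

function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]), pre: m[4] || null };
}

// Returns -1, 0 or 1. Numeric parts compare numerically (1.10.0 > 1.8.2) and a
// pre-release sorts below the matching release (1.8.2-beta.1 < 1.8.2).
function compareSemver(a, b) {
  const x = parseSemver(a), y = parseSemver(b);
  for (const k of ["major", "minor", "patch"]) {
    if (x[k] !== y[k]) return x[k] < y[k] ? -1 : 1;
  }
  if (x.pre && !y.pre) return -1;
  if (!x.pre && y.pre) return 1;
  return 0;
}

// Every installed copy of `name`, including nested duplicates under other packages.
function findInstalled(lock, name) {
  const found = [];
  if (lock.packages) {                       // lockfileVersion 2 or 3
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        found.push({ path, version: meta.version });
      }
    }
  } else if (lock.dependencies) {            // lockfileVersion 1
    const walk = (deps, prefix) => {
      for (const [dep, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${dep}`;
        if (dep === name) found.push({ path, version: meta.version });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return found;
}

function vulnerableAxios(lock) {
  return findInstalled(lock, "axios").filter(
    (f) => compareSemver(f.version, FIXED_VERSION) < 0
  );
}

// Constructed sample lockfile: the app depends on axios 1.8.1 directly, while a
// transitive SDK (hypothetical "some-sdk") already carries its own fixed copy.
const SAMPLE_LOCK = JSON.parse(`{
  "name": "sample-app",
  "lockfileVersion": 3,
  "packages": {
    "": { "name": "sample-app", "dependencies": { "axios": "^1.8.1", "some-sdk": "^2.0.0" } },
    "node_modules/axios": { "version": "1.8.1" },
    "node_modules/some-sdk": { "version": "2.0.0", "dependencies": { "axios": "^1.8.2" } },
    "node_modules/some-sdk/node_modules/axios": { "version": "1.8.2" }
  }
}`);

if (typeof require !== "undefined" && require.main === module) {
  for (const f of vulnerableAxios(SAMPLE_LOCK)) {
    console.log(`${f.path}: axios ${f.version} < ${FIXED_VERSION}, upgrade required`);
  }
}
```

In a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; the nested copy under some-sdk shows why a single `npm ls axios` line is not enough and why the check walks every path rather than stopping at the first match.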
Conclusion
CVE-2025-27152 is a medium-severity vulnerability detected in axios-1.8.1.tgz. This vulnerability can lead to SSRF and credential leakage, impacting both server-side and client-side usage of axios. The good news is that this issue is fixed in version 1.8.2. We recommend upgrading to the latest version to ensure your application's security.
Step Up Your Open Source Security Game with Mend
At Mend, we understand the importance of open-source security. Our solution provides a comprehensive security platform that helps you identify and fix vulnerabilities in your open-source libraries. With Mend, you can:
- Identify vulnerabilities: Our platform scans your codebase for vulnerabilities and provides detailed reports.
- Fix vulnerabilities: Our solution provides suggested fixes and recommendations to help you fix vulnerabilities quickly.
- Monitor your codebase: Our platform continuously monitors your codebase for new vulnerabilities and provides updates.
Don't wait until it's too late. Step up your open-source security game with Mend today.
CVE-2025-27152 (Medium) Detected in axios-1.8.1.tgz: A Threat to Your Application's Security - Q&A
Introduction
In our previous article, we discussed the details of CVE-2025-27152, a medium-severity vulnerability detected in axios-1.8.1.tgz. This vulnerability can lead to Server-Side Request Forgery (SSRF) and credential leakage, impacting both server-side and client-side usage of axios. In this article, we will answer some frequently asked questions about CVE-2025-27152 and provide additional information to help you understand the vulnerability and its impact.
Q&A
Q: What is CVE-2025-27152?
A: CVE-2025-27152 is a medium-severity vulnerability detected in axios-1.8.1.tgz. This vulnerability can lead to Server-Side Request Forgery (SSRF) and credential leakage, impacting both server-side and client-side usage of axios.
Q: What is the impact of CVE-2025-27152?
A: The impact of CVE-2025-27152 is SSRF and credential leakage. This means that an attacker can potentially access sensitive data or perform unauthorized actions on your application.
Q: How does CVE-2025-27152 occur?
A: CVE-2025-27152 occurs when an absolute URL, rather than a protocol-relative URL, is passed to axios as the request URL, even if baseURL is set. axios then sends the request to the specified absolute URL instead of combining it with baseURL, potentially leading to SSRF and credential leakage.
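The mechanism described in the answer above (and in the vulnerability description of the first article) comes down to one thing: a request URL that is absolute or protocol-relative replaces baseURL instead of being appended to it. Upgrading removes the bug, but a defender can also make sure such an input never reaches the client. The following is an added example, not axios's own code: a guard that accepts only paths staying on the configured baseURL and rejects absolute URLs, protocol-relative URLs and traversal out of the base path. The join rule (base without trailing slash + "/" + path without leading slashes) is an assumption about how a client appends paths, and the host names are constructed for the tests.

```javascript
// Added example: validate a caller-supplied request path against baseURL
// before it is handed to an HTTP client. Uses only the WHATWG URL class
// (available in Node and browsers).
const ABSOLUTE_URL = /^[a-zA-Z][a-zA-Z0-9+.-]*:/;   // "https:", "ftp:", "javascript:", ...
const PROTOCOL_RELATIVE = /^[/\\]{2}/;              // "//host/..." or "\\host\..."

function joinOnBase(baseURL, relativePath) {
  if (typeof relativePath !== "string") throw new TypeError("path must be a string");
  if (ABSOLUTE_URL.test(relativePath)) {
    throw new Error(`absolute URL rejected: ${relativePath}`);
  }
  if (PROTOCOL_RELATIVE.test(relativePath)) {
    throw new Error(`protocol-relative URL rejected: ${relativePath}`);
  }

  const base = new URL(baseURL);
  // Assumed join rule: base without a trailing slash + "/" + path without leading slashes.
  const joined = base.href.replace(/\/+$/, "") + "/" + relativePath.replace(/^\/+/, "");
  const resolved = new URL(joined);

  // Re-check after normalisation: ".." segments, encoded dots and similar must
  // not move the request to another origin or above the base path.
  if (resolved.origin !== base.origin) {
    throw new Error(`origin changed: ${resolved.origin}`);
  }
  const basePath = base.pathname.replace(/\/+$/, "");
  if (resolved.pathname !== basePath && !resolved.pathname.startsWith(basePath + "/")) {
    throw new Error(`path escaped base: ${resolved.pathname}`);
  }
  return resolved.href;
}

// Boolean form for use at an input-validation boundary.
function isSafePath(baseURL, relativePath) {
  try {
    joinOnBase(baseURL, relativePath);
    return true;
  } catch (e) {
    return false;
  }
}

if (typeof require !== "undefined" && require.main === module) {
  const base = "https://api.example.com/v1";
  for (const p of ["users/42", "/users/42?fields=name", "../admin", "//other-host.example/x"]) {
    console.log(`${p} -> ${isSafePath(base, p) ? joinOnBase(base, p) : "rejected"}`);
  }
}
```

The guard is deliberately independent of the client library: it is useful before and after the upgrade, since it also catches traversal and relative inputs that resolve outside the intended API prefix, which no client-side URL option addresses.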
Q: Is CVE-2025-27152 fixed in a later version of axios?
A: Yes, CVE-2025-27152 is fixed in version 1.8.2 or later of axios.
Q: How can I fix CVE-2025-27152 in my application?
A: To fix CVE-2025-27152 in your application, upgrade to version 1.8.2 or later of axios. This is the same fix the advisory recommends (type: upgrade version, resolution 1.8.2).
Q: What is the CVSS 3 score for CVE-2025-27152?
A: The CVSS 3 score for CVE-2025-27152 is 5.5, indicating a medium-severity vulnerability.
Q: What are the base score metrics for CVE-2025-27152?
A: The base score metrics for CVE-2025-27152 are:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Q: What are the impact metrics for CVE-2025-27152?
A: The impact metrics for CVE-2025-27152 are:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Conclusion
CVE-2025-27152 is a medium-severity vulnerability detected in axios-1.8.1.tgz. This vulnerability can lead to SSRF and credential leakage, impacting both server-side and client-side usage of axios. We recommend upgrading to version 1.8.2 or later of axios to fix this vulnerability. If you have any further questions or concerns, please don't hesitate to contact us.