CVE-2025-8529 | cloudfavorites favorites-web up to 1.3.0 CollectController.java getCollectLogoUrl url server-side request forgery (Issue 134)

A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the argument url leads to server-side request forgery.

This vulnerability is known as CVE-2025-8529. The attack can be launched remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More