CVE-2025-68150 | parse-server up to 8.6.1/9.1.0 Instagram Graph API authData apiURL server-side request forgery (GHSA-3f5f-xgrj-97pf)

A vulnerability described as critical has been identified in parse-server up to 8.6.1/9.1.0. Affected by this vulnerability is the function authData of the component Instagram Graph API. Such manipulation of the argument apiURL leads to server-side request forgery.

This vulnerability is listed as CVE-2025-68150. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More