Platform: nodejs
Component: @angular/ssr
Fixed in: 19.2.18, 20.3.6, 21.0.0-next.8
This vulnerability is a Server-Side Request Forgery (SSRF) flaw in the @angular/ssr package, the component that performs server-side rendering for Angular applications. An attacker can use it to make the rendering server resolve, and subsequently request, URLs on hosts of the attacker's choosing, potentially reaching internal resources or other services. Affected are all versions before 19.2.18, 20.x before 20.3.6 and 21.0.0-next builds before 21.0.0-next.8; fixed releases are available for each line.
The SSRF vulnerability arises from how @angular/ssr resolves the incoming request URL. The createRequestUrl function builds a base URL from the server's own protocol, host and port and passes the raw request path to the native WHATWG URL constructor as a relative reference. When the request path begins with two slashes (//), or with a backslash sequence that the parser normalises to the same thing (\\, /\ or \/), the constructor treats it as a scheme-relative (protocol-relative) URL: it keeps only the scheme from the base and takes the host and port from the attacker-supplied path, so //evil.example/x resolves to https://evil.example/x instead of a path on the application's own origin. Anything the server does with that resolved URL during rendering, such as relative HttpClient fetches or generated absolute links, is then directed at the attacker-chosen host, which can be an internal service reachable only from the server or an external system contacted on the server's behalf. The potential blast radius depends on the internal network and services accessible from the rendering process.
This vulnerability was publicly disclosed on 2025-10-16. There are currently no known active exploitation campaigns targeting this specific flaw, and it is not listed in the CISA KEV catalog as of this writing. Public proof-of-concept (PoC) code is likely to emerge, given the SSRF nature of the vulnerability and its straightforward trigger (a crafted request path).
Applications that use @angular/ssr for server-side rendering are at risk, particularly those deployed where the rendering process can reach sensitive internal resources or services (cloud metadata endpoints, internal APIs, databases with HTTP interfaces). This includes applications on any unpatched release line and those with permissive outbound network access from the SSR process.
• nodejs / server: check which @angular/ssr version is installed and whether it is on a fixed release.
# Check for vulnerable @angular/ssr versions
npm list @angular/ssr
• nodejs / server: watch the outbound connections of the Node process hosting the SSR server for unexpected destinations (internal hosts, metadata endpoints, unknown external hosts).
# List established TCP connections with owning process; filter to node
ss -tnp | grep node
• generic web: inspect access logs for request paths beginning with // or with a backslash sequence (\\, /\, \/), especially from untrusted sources. Note that some log formats escape a literal backslash (for example as \x5C), so normalise before matching.
Exploit status: disclosure
EPSS: 0.06% (17th percentile)
CISA SSVC: none listed
The primary mitigation is to upgrade @angular/ssr to a fixed release for your line (19.2.18, 20.3.6 or 21.0.0-next.8, or later), which corrects the URL resolution. If upgrading immediately is not feasible, a Web Application Firewall or reverse proxy can reject requests whose path starts with a scheme-relative prefix (//, \\, /\ or \/); this is a stopgap only, since a rule that matches // alone misses the backslash variants, and the URL parser also strips embedded tab and newline characters before parsing. Additionally, restrict the hosts the SSR process may reach by enforcing outbound network (egress) controls, so that a forged request cannot reach cloud metadata endpoints or internal services. Monitor server logs for unusual outbound requests that might indicate exploitation attempts. After upgrading, confirm the fix by sending requests with the scheme-relative path variants above and verifying that the resolved URL stays on the application's own origin.
Update the @angular/ssr package to version 19.2.18, 20.3.6 or 21.0.0-next.8, or a later version. This fixes the SSRF vulnerability in the URL resolution mechanism.
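The resolution behaviour described in the analysis above, the access-log inspection from the detection section, and the post-upgrade check from the mitigation section, as one added example. This is not code from @angular/ssr or the Angular project; it uses Node's global WHATWG URL implementation to show the vulnerable pattern beside a hardened resolver. The base URL https://app.example:8443, the probe paths, the access-log lines and all function names are assumptions constructed for the example.

```javascript
// Added example, not @angular/ssr's own code. Relies on Node's global WHATWG URL.

// Base built from the server's own scheme, host and port (assumed value).
const BASE_URL = 'https://app.example:8443';

// Vulnerable shape described in the advisory: the raw request path is resolved
// against the base with new URL(path, base). A path beginning with "//" (or
// "\\", "/\", "\/", which the parser treats like "//") is scheme-relative, so
// only the scheme is kept from the base and the host comes from the attacker.
function resolveRequestUrlVulnerable(reqPath, base = BASE_URL) {
  return new URL(reqPath, base).href;
}

// True for paths the WHATWG parser would resolve as scheme-relative. The parser
// strips ASCII tab and newline from its input before parsing, so strip them
// here too; otherwise "/\t/host" would slip past a naive "//" check.
function isSchemeRelativePath(reqPath) {
  const cleaned = reqPath.replace(/[\t\n\r]/g, '');
  return /^[\/\\]{2}/.test(cleaned);
}

// Hardened resolver: reject scheme-relative paths up front, then verify that
// the resolved URL still has the server's own origin (defence in depth: the
// second check also catches any other parser quirk that changes the host).
function resolveRequestUrlHardened(reqPath, base = BASE_URL) {
  if (isSchemeRelativePath(reqPath)) {
    throw new Error(`rejected scheme-relative request path ${JSON.stringify(reqPath)}`);
  }
  const resolved = new URL(reqPath, base);
  if (resolved.origin !== new URL(base).origin) {
    throw new Error(`resolved URL left the server origin: ${resolved.href}`);
  }
  return resolved.href;
}

// Post-upgrade check: run a resolver over the probe paths and return those that
// resolve outside the server origin. A fixed resolver should yield [].
const PROBE_PATHS = [
  '//evil.example/x', '\\\\evil.example/x', '/\\evil.example/x',
  '\\/evil.example/x', '///evil.example/x', '/\t/evil.example/x',
];

function escapingProbes(resolve, base = BASE_URL) {
  const origin = new URL(base).origin;
  const escaped = [];
  for (const p of PROBE_PATHS) {
    let href;
    try { href = resolve(p, base); } catch (_) { continue; } // rejection is the desired outcome
    if (new URL(href).origin !== origin) escaped.push(p);
  }
  return escaped;
}

// Constructed access-log lines in combined log format (not real traffic).
// Real nginx logs escape a literal backslash as \x5C, so the scanner undoes that.
const SAMPLE_ACCESS_LOG = [
  '203.0.113.7 - - [16/Oct/2025:10:01:02 +0000] "GET /products/42 HTTP/1.1" 200 5120',
  '203.0.113.7 - - [16/Oct/2025:10:01:05 +0000] "GET //169.254.169.254/latest/meta-data/ HTTP/1.1" 200 1034',
  '198.51.100.9 - - [16/Oct/2025:10:02:11 +0000] "GET /\\x5Cattacker.example/ HTTP/1.1" 200 830',
  '198.51.100.9 - - [16/Oct/2025:10:02:14 +0000] "GET /static/app.js HTTP/1.1" 200 91230',
];

// Extract the request path from each log line and return the scheme-relative ones.
function findSuspiciousRequests(lines) {
  const hits = [];
  for (const line of lines) {
    const m = /"[A-Z]+ (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    const path = m[1].replace(/\\x5[cC]/g, '\\'); // undo nginx-style escaping
    if (isSchemeRelativePath(path)) hits.push(path);
  }
  return hits;
}

if (typeof module !== 'undefined' && require.main === module) {
  for (const p of PROBE_PATHS) {
    console.log(JSON.stringify(p), '->', resolveRequestUrlVulnerable(p));
  }
  console.log('vulnerable resolver leaks:', escapingProbes(resolveRequestUrlVulnerable).length);
  console.log('hardened resolver leaks:', escapingProbes(resolveRequestUrlHardened).length);
  console.log('suspicious log requests:', findSuspiciousRequests(SAMPLE_ACCESS_LOG));
}
```

Run it with `node` to see every probe path resolve to https://evil.example/x under the vulnerable resolver and be rejected by the hardened one. The origin comparison in resolveRequestUrlHardened is the check worth keeping even after upgrading: it does not depend on enumerating every byte sequence the parser treats as an authority separator.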
CVE-2025-62427 is a Server-Side Request Forgery (SSRF) vulnerability in the @angular/ssr package, allowing attackers to make requests from the server.
You are affected if you use @angular/ssr at any version before 19.2.18, a 20.x release before 20.3.6, or a 21.0.0-next build before 21.0.0-next.8, and have not implemented mitigating controls.
Upgrade to @angular/ssr 19.2.18, 20.3.6 or 21.0.0-next.8 (or later). As a temporary workaround, consider WAF or proxy rules that reject request paths starting with a scheme-relative prefix (//, \\, /\ or \/), and restrict outbound network access from the SSR process.
As of now, there are no confirmed active exploitation campaigns, but PoCs are likely to emerge.
Refer to the official Angular security advisories and the @angular/ssr repository for updates and detailed information.