Platform
other
Component
posthog
Fixed in
8817.0.1
CVE-2025-1522 is an Information Disclosure vulnerability in PostHog that can expose sensitive data. The flaw stems from insufficient validation of a user-supplied URI within the database_schema method, which lets an attacker make the PostHog backend issue requests to targets of the attacker's choosing (Server-Side Request Forgery, SSRF). The vulnerability affects PostHog builds prior to commit 3732c0fd9551ed29521b58611bf1e44d918c1032, which contains the fix.
Successful exploitation of CVE-2025-1522 requires an authenticated PostHog account and allows the attacker to trigger an SSRF request from the server. Because the request originates from the PostHog backend, it can reach resources that the attacker cannot reach directly, and whatever the service can read from those targets can be disclosed: internal configuration details, API keys, or other credentials reachable from the PostHog instance. Authentication is required, but a compromised account or a weakness in the authentication mechanism would broaden the attack surface considerably. The blast radius is bounded by what the backend's network position and service account can reach, which can still be substantial depending on the deployment and the data stored.
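The following is an added, illustrative example and is not PostHog's code or its patch. It shows what "insufficient URI validation" means in practice: a request helper that forwards a user-supplied URI unchecked, beside a hardened version that allows only http/https, resolves the host, and refuses any address that is not globally routable (loopback, RFC 1918, link-local including the cloud metadata range, and their IPv6 and IPv4-mapped equivalents). The function names, the `opener` parameter and the sample URLs are assumptions made for the example.

```python
"""
Illustrative SSRF target validation (constructed example, not PostHog's patch).

Vulnerable pattern: pass the user-supplied URL straight to a network client.
Hardened pattern:  allow-list the scheme, resolve the host, and refuse any
answer that is not a globally routable unicast address.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolved_addresses(host: str, port: int):
    """Resolve host to every IP it maps to; fail closed on any resolver error.

    getaddrinfo also accepts legacy numeric forms such as '0x7f000001' or
    '2130706433', so validation is done on the resolved addresses rather than
    on the textual hostname.
    """
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
        return [ipaddress.ip_address(info[4][0]) for info in infos]
    except (OSError, UnicodeError, ValueError):
        return []


def is_public_address(addr) -> bool:
    """True only for globally routable unicast addresses."""
    # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to mapped addresses.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified):
        return False
    return addr.is_global


def is_allowed_target(url: str) -> bool:
    """Hardened check: scheme allow-list plus resolved-address validation."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:  # malformed port such as ':abc'
        return False
    addrs = resolved_addresses(parts.hostname, port)
    # Reject if the name does not resolve or if *any* answer is non-public:
    # an attacker-controlled DNS name can return mixed answers.
    return bool(addrs) and all(is_public_address(a) for a in addrs)


def fetch_schema_vulnerable(url: str, opener):
    """Vulnerable pattern (constructed): no validation before the request."""
    return opener(url)


def fetch_schema_hardened(url: str, opener):
    """Hardened pattern: validate the target, then hand it to the client."""
    if not is_allowed_target(url):
        raise ValueError("refusing to fetch a non-public or non-HTTP target")
    return opener(url)


if __name__ == "__main__":
    # Constructed sample targets; the public IP is a literal so no DNS is needed.
    for candidate in ("http://169.254.169.254/latest/meta-data/",
                      "http://127.0.0.1:5432/",
                      "http://[::ffff:10.0.0.5]/",
                      "http://93.184.216.34/"):
        print(f"{candidate:45s} allowed={is_allowed_target(candidate)}")
```

Two caveats a practitioner should keep in mind: validate-then-connect is still exposed to DNS rebinding between resolution and the actual connection, so the resolved address should be pinned for the connection (or the check repeated inside the client's connect hook), and any HTTP redirect the client follows must be re-validated with the same rules.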
CVE-2025-1522 was disclosed on 2025-04-23. The vulnerability was initially reported to ZDI (ZDI-CAN-25358). Public proof-of-concept (PoC) code is currently unavailable, but SSRF bugs are usually straightforward to weaponize once the request shape is known, so the likelihood of exploitation rises if a PoC is released. The current EPSS score is 0.26% (49th percentile). Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting PostHog.
Exploit Status
EPSS
0.26% (49th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-1522 is to upgrade PostHog to a build that includes commit 3732c0fd9551ed29521b58611bf1e44d918c1032 or later. If an immediate upgrade is not possible because of compatibility concerns or downtime constraints, temporary workarounds can reduce exposure. A WAF rule is of limited use here: the forged request is made by the server itself, and the target URI is not known in advance. Restricting outbound (egress) network access from the PostHog backend to only the hosts it needs, and in particular blocking loopback, RFC 1918 and cloud metadata addresses, limits what an SSRF can reach. Regularly review and audit the PostHog service account's permissions to keep them minimal. After upgrading, confirm the fix by submitting a request through the database_schema endpoint that points at a host you control on an internal or loopback address, and verify both that the request is rejected and that the host is never contacted.
Update PostHog to a build containing the SSRF fix: commit 3732c0fd9551ed29521b58611bf1e44d918c1032 or later resolves the issue. See the release notes for detailed instructions on how to perform the update.
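As an added example of the post-upgrade check described above (not PostHog tooling): a loopback canary listener that reports whether the backend contacted a URL you handed it. The trigger that submits the canary URL is left to the caller, because the endpoint path and payload behind the database_schema method depend on the PostHog version and need a valid session; the two simulated backends in the block are constructed stand-ins so the helper can be exercised offline, and the canary path is an arbitrary marker.

```python
"""
Post-upgrade verification helper (added example; not PostHog's own tooling).

Starts a throwaway HTTP listener on loopback, passes its URL to a caller-supplied
trigger, and reports whether anything connected. In a real check the trigger
submits the canary URL as the source host through the endpoint behind the
database_schema method, using a valid PostHog session. A hit after upgrading
means the instance still fetches attacker-supplied URIs.
"""
import threading
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Callable, List
from urllib.request import urlopen


class _CanaryHandler(BaseHTTPRequestHandler):
    hits: List[str] = []  # request paths the canary has received

    def do_GET(self):
        type(self).hits.append(self.path)
        self.send_response(200)
        self.end_headers()

    do_POST = do_GET

    def log_message(self, *args):
        pass  # keep stderr quiet


def canary_contacted(trigger: Callable[[str], None], wait_seconds: float = 2.0) -> bool:
    """Run trigger(canary_url); return True if the canary received any request."""
    _CanaryHandler.hits = []
    server = HTTPServer(("127.0.0.1", 0), _CanaryHandler)  # port 0: pick a free port
    canary_url = f"http://127.0.0.1:{server.server_port}/cve-2025-1522-canary"
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        try:
            trigger(canary_url)
        except Exception:
            # A fixed backend may reject the URL outright; that is the desired
            # outcome, not a failure of the check.
            pass
        # Backends often fetch asynchronously, so poll briefly for a late hit.
        deadline = time.monotonic() + wait_seconds
        while not _CanaryHandler.hits and time.monotonic() < deadline:
            time.sleep(0.05)
        return bool(_CanaryHandler.hits)
    finally:
        server.shutdown()
        server.server_close()


def simulated_vulnerable_backend(url: str) -> None:
    """Constructed stand-in for an unpatched server: fetches any URL it is given."""
    urlopen(url, timeout=3).read()


def simulated_fixed_backend(url: str) -> None:
    """Constructed stand-in for a patched server: refuses a loopback target."""
    raise ValueError("refusing non-public target")


if __name__ == "__main__":
    print("unpatched behaviour, canary hit:", canary_contacted(simulated_vulnerable_backend))
    print("patched behaviour,   canary hit:", canary_contacted(simulated_fixed_backend, 0.5))
```

For a live check, replace the simulated backend with a function that calls the PostHog API with your session and the canary URL as the source host; run it once against the canary's loopback address and, if the backend runs on another machine, once more with the canary bound to an address on the internal network it can reach, since a fix that blocks only 127.0.0.1 is not a complete one.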
CVE-2025-1522 is a HIGH severity Information Disclosure vulnerability in PostHog, allowing attackers to disclose sensitive information via SSRF. Authentication is required to exploit it.
You are affected if you are running a PostHog build prior to commit 3732c0fd9551ed29521b58611bf1e44d918c1032. Check your version and upgrade immediately.
Upgrade to a PostHog build containing commit 3732c0fd9551ed29521b58611bf1e44d918c1032 or later. Consider temporary workarounds such as restricting outbound network access from the PostHog backend if an immediate upgrade is not possible.
There are currently no confirmed reports of active exploitation, but the SSRF nature of the vulnerability suggests a potential risk if a PoC is released.
Refer to the official PostHog security advisory for detailed information and updates regarding CVE-2025-1522.