VDB
CVE-2025-68696
CVE-2025-68696
PUBLISHED
CVSS 7.800000190734863 HIGH
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
EPSS 0.06% · 18.0th percentile
Risk Scores
CVSS v4.0
7.800000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
EPSS Score
0.06%
18.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RubyGems | httparty | 0 |
| jnunemaker | httparty | <= 0.23.2, 0 |
Timeline
- Dec 23, 2025 CVE Published
- Dec 24, 2025 EPSS Score
- Dec 24, 2025 PoC Published
- Dec 28, 2025 EPSS Score
- Dec 31, 2025 EPSS Score
- Jan 4, 2026 EPSS Score
- Jan 8, 2026 EPSS Score
- Jan 11, 2026 CVE Updated
- Jan 11, 2026 EPSS Score
- Jan 15, 2026 EPSS Score
- Jan 19, 2026 EPSS Score
- Jan 22, 2026 EPSS Score
References
- https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4 url
- https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-68696 advisory
- https://github.com/jnunemaker/httparty package
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/httparty/CVE-2025-68696.yml url