Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-1521
Analyzed
More InfoOfficial Page
Source-zdi-disclosures@trendmicro.com
View Known Exploited Vulnerability (KEV) details
Published At-23 Apr, 2025 | 17:16
Updated At-07 Aug, 2025 | 18:19

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the slack_incoming_webhook parameter. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25352.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.07.1HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CPE Matches

posthog
posthog
>>posthog>>Versions before 0.3.7(exclusive)
cpe:2.3:a:posthog:posthog:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Primaryzdi-disclosures@trendmicro.com
CWE ID: CWE-918
Type: Primary
Source: zdi-disclosures@trendmicro.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/PostHog/posthog/commit/6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42zdi-disclosures@trendmicro.com
Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-096/zdi-disclosures@trendmicro.com
Third Party Advisory
Hyperlink: https://github.com/PostHog/posthog/commit/6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42
Source: zdi-disclosures@trendmicro.com
Resource:
Patch
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-25-096/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory
Change History
0Changes found

Details not found