CVE-2025-44594

Halo · Halo

Halo versions 2.20.17 and earlier are susceptible to a server-side request forgery (SSRF) vulnerability via the attachment upload-from-url endpoint.

Executive summary

A critical server-side request forgery vulnerability in Halo allows unauthenticated attackers to force the server to make unauthorized requests to internal or external resources.

Vulnerability

This is a server-side request forgery (SSRF) vulnerability located in the /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url endpoint. The flaw allows an unauthenticated attacker to manipulate the upload function to interact with unauthorized network locations.

Business impact

The ability to perform SSRF poses a severe risk to internal network security, potentially allowing an attacker to bypass firewalls, access metadata services, or interact with internal-only APIs. Given the high CVSS score of 9.1, this vulnerability could lead to significant data exfiltration or internal service compromise, representing a critical threat to organizational infrastructure.

Remediation

Immediate Action: Upgrade your Halo installation to the latest available version provided by the vendor to remediate the SSRF flaw.

Proactive Monitoring: Inspect application logs for suspicious requests to the upload-from-url endpoint, particularly those containing internal IP addresses or unusual URL schemes.
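As an added illustration of the log review described above (not code from the advisory or from the Halo project), the following script scans access-log lines for requests to the upload-from-url endpoint whose target URL points at a private, loopback or link-local address or uses a scheme other than http/https. The log line format, the `url=` field and the sample entries are constructed assumptions; adapt the regex to the real log layout.

```python
import ipaddress
import re
from typing import Optional
from urllib.parse import urlparse

# Endpoint named in the advisory.
ENDPOINT = "/apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url"
ALLOWED_SCHEMES = {"http", "https"}

# Hypothetical access-log layout: "<client> <method> <path> [url=<fetched url>] <status>".
LINE_RE = re.compile(
    r"^(?P<src>\S+) (?P<method>\S+) (?P<path>\S+)(?: url=(?P<url>\S+))? (?P<status>\d{3})$"
)

# Constructed sample log lines for demonstration only.
SAMPLE_LOG = """\
203.0.113.10 POST /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url url=https://cdn.example.com/img.png 200
203.0.113.10 POST /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url url=http://169.254.169.254/latest/meta-data/ 200
203.0.113.11 POST /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url url=http://10.0.0.5:8080/admin 200
203.0.113.12 POST /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url url=file:///tmp/test.png 500
203.0.113.13 GET /apis/uc.api.storage.halo.run/v1alpha1/attachments 200
"""


def classify_target(url: str) -> Optional[str]:
    """Return a reason string if the fetched URL looks suspicious, else None."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return f"unusual scheme '{parsed.scheme}'"
    host = parsed.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Hostname rather than literal IP: an offline log scan cannot tell where it resolves,
        # so DNS-based rebinding to internal ranges is not covered here.
        return None
    if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved or ip.is_unspecified:
        return f"internal address {ip}"
    return None


def scan_log(text: str) -> list:
    """Return one finding per suspicious upload-from-url request in the log text."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["path"] != ENDPOINT or not m["url"]:
            continue
        reason = classify_target(m["url"])
        if reason:
            findings.append({"src": m["src"], "url": m["url"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['src']} -> {f['url']}: {f['reason']}")
```

Requests whose target is a hostname are not flagged, so pair this with resolver logs or egress-side monitoring to cover names that resolve to internal addresses.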

Compensating Controls: Implement strict egress filtering on the server hosting Halo to prevent it from initiating unauthorized connections to sensitive internal network segments.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This SSRF vulnerability presents a significant risk to the integrity and confidentiality of the internal network. Administrators should prioritize patching to the latest version immediately to eliminate the attack vector and prevent potential lateral movement within the environment.