CVE-2025-25302 — MEDIUM (6.5)

Q: How severe is CVE-2025-25302?

CVE-2025-25302 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-25302?

Check the references section above for vendor advisories and patch information. Affected products include: Danielgatis Rembg.

Vulnerability Description

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allow_credentials is set to True, which would allow any website to send authenticated cross site requests.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Danielgatis	Rembg	<= 2.0.57

Related Weaknesses (CWE)

CWE-346

References

https://github.com/danielgatis/rembg/blob/d1e00734f8a996abf512a3a5c251c7a9a392c9Product
https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg/ExploitThird Party Advisory

FAQ

What is CVE-2025-25302?

CVE-2025-25302 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to t...

How severe is CVE-2025-25302?

CVE-2025-25302 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-25302?

Check the references section above for vendor advisories and patch information. Affected products include: Danielgatis Rembg.