A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PhpSpreadsheet library, allowing attackers to inject malicious HTML input when processing spreadsheet documents.
The vulnerability, assigned CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a high severity rating with CVSS v3.1 score of 7.5 and CVSS v4.0 score of 8.7.
https://gbhackers.com/phpspreadsheet-li ... erability/