PhpSpreadsheet Library Vulnerability Lets Attackers Inject Malicious HTML Input
Posted: Sun Aug 31, 2025 3:02 pm
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PhpSpreadsheet library, allowing attackers to inject malicious HTML input when processing spreadsheet documents.
The vulnerability, assigned CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a high severity rating with CVSS v3.1 score of 7.5 and CVSS v4.0 score of 8.7.
https://gbhackers.com/phpspreadsheet-li ... erability/
The vulnerability, assigned CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a high severity rating with CVSS v3.1 score of 7.5 and CVSS v4.0 score of 8.7.
https://gbhackers.com/phpspreadsheet-li ... erability/