QwikSec

Security Database

CVE

CWE

Training

CVE-2025-25302

Published: Mar 3, 2025

Modified: Mar 3, 2025

PUBLISHED

Description

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allow_credentials is set to True, which would allow any website to send authenticated cross site requests.

Vendor	Product	Versions
danielgatis	rembg	affected `<= 2.0.57`

Weaknesses (CWE)

References

https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg/

x_refsource_CONFIRM

https://github.com/danielgatis/rembg/blob/d1e00734f8a996abf512a3a5c251c7a9a392c90a/rembg/commands/s_command.py#L93

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.