Server-Side Request Forgery (SSRF) vulnerability - CVE-2025-15104

[khusika]

Summary

I'm not sure how to reproduce this issue but checking it with npm audit will produce the message below:

URL for document that reproduces the problem

n/a

HTML/CSS/SVG snippet that reproduces the problem

n/a

Checker error messages

khusika@victus:~/khusika.id$ npm audit
# npm audit report

vnu-jar  *
Severity: moderate
Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability - https://github.com/advisories/GHSA-fccg-7w3p-w66f
No fix available
node_modules/vnu-jar

1 moderate severity vulnerability

Some issues need review, and may require choosing
a different dependency.

Spec links/citations

GHSA-fccg-7w3p-w66f

Steps to reproduce

n/a

Expected behavior

n/a

Actual behavior

n/a

Screenshots or screen recordings

No response

[sideshowbarker]

I’m aware of the supposed vulnerability but don’t consider it to merit taking action.

[khusika]

I’m aware of the supposed vulnerability but don’t consider it to merit taking action.

Thank you for your response. The issue appears to be resolved in 26.2.1, as npm audit no longer reports similar security concerns. The fix is likely connected to commit b95c419