A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PHP library PhpSpreadsheet, allowing attackers to inject arbitrary HTML content that triggers HTTP requests from the server.
Tracked as CVE-2025-54370 and published under GitHub Security Advisory GHSA-rx7m-68vc-ppxh, the vulnerability affects a...