CVE-2025-64752 is a Server-Side Request Forgery (SSRF) vulnerability identified in gristlabs' grist-core, a spreadsheet hosting server. Versions prior to 1.7.7 allow any user with access to a document to exploit a feature that fetches data from arbitrary URLs, with the request executed on the server side. This SSRF flaw arises because the server performs HTTP/HTTPS fetches without sufficient validation or isolation, enabling attackers to leverage the server's privileged network position. This can lead to unauthorized access to internal services or sensitive data, effectively escalating an attacker's capabilities within the network. The vulnerability does not require authentication or user interaction, increasing its risk profile. The fix implemented in version 1.7.7 involves routing untrusted fetch requests through a proxy, mitigating direct server access to arbitrary URLs. The vulnerability is tracked as CWE-918 and assigned a CVSS v3.1 score of 6.8, indicating medium severity with a high confidentiality impact but no integrity or availability impact. No known exploits are currently reported in the wild. Workarounds include avoiding exposure of HTTP/HTTPS endpoints that handle sensitive credentials on instances running vulnerable grist-core versions.

For European organizations, this SSRF vulnerability poses a significant risk to confidentiality, as attackers can potentially access internal network resources or sensitive data by abusing the server's network privileges. Organizations using grist-core for spreadsheet hosting may face data leakage or unauthorized internal reconnaissance, which could be leveraged for further attacks. The vulnerability does not affect data integrity or availability directly but can facilitate lateral movement or information disclosure within corporate networks. Given that grist-core is used in collaborative environments, the risk extends to any user with document access, increasing the attack surface. The medium CVSS score reflects the complexity of exploitation due to required document access but highlights the critical confidentiality impact. European entities in sectors such as finance, government, or critical infrastructure that rely on grist-core or similar spreadsheet hosting solutions are particularly vulnerable to espionage or data breaches stemming from this flaw.

European organizations should immediately upgrade all grist-core instances to version 1.7.7 or later to apply the official fix that routes untrusted fetches through a proxy. Until upgrades are completed, restrict access to HTTP/HTTPS endpoints on servers running vulnerable versions, especially those exposing credentials or sensitive operations without authentication. Implement network segmentation to limit the server's ability to reach internal resources unnecessarily. Monitor logs for unusual outbound requests initiated by grist-core servers to detect potential exploitation attempts. Employ web application firewalls (WAFs) with SSRF detection capabilities to block suspicious server-side requests. Educate users about the risks of sharing documents with untrusted parties, as document access enables exploitation. Finally, conduct regular security assessments focusing on internal service exposure and SSRF vulnerabilities in web applications.