From 8d0663660ebcada13abbfee2fab7c1ce617834d1 Mon Sep 17 00:00:00 2001
From: Christian Flothmann <christian.flothmann@open.de>
Date: Fri, 29 Aug 2025 14:56:47 +0200
Subject: [PATCH] add GHSA-rx7m-68vc-ppxh

---
 phpoffice/phpspreadsheet/CVE-2025-54370.yaml | 26 ++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 phpoffice/phpspreadsheet/CVE-2025-54370.yaml

diff --git a/phpoffice/phpspreadsheet/CVE-2025-54370.yaml b/phpoffice/phpspreadsheet/CVE-2025-54370.yaml
new file mode 100644
index 000000000..e849c6105
--- /dev/null
+++ b/phpoffice/phpspreadsheet/CVE-2025-54370.yaml
@@ -0,0 +1,26 @@
+title:     PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
+link:      https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-rx7m-68vc-ppxh
+cve:       CVE-2025-54370
+branches:
+    1.x:
+        time:       2025-08-03 01:26:00
+        versions:   ['<1.30.0']
+    '2.0':
+        time:       ~
+        versions:   ['>=2.0.0', '<2.1.0']
+    '2.1':
+        time:       2025-08-03 01:33:00
+        versions:   ['>=2.1.0', '<2.1.12']
+    '2.2':
+        time:       ~
+        versions:   ['>=2.2.0', '<2.3.0']
+    2.x:
+        time:       2025-08-03 01:38:00
+        versions:   ['>=2.3.0', '<2.4.0']
+    3.x:
+        time:       2025-08-03 01:42:00
+        versions:   ['>=3.0.0', '<3.10.0']
+    master:
+        time:       2025-08-03 01:06:00
+        versions:   ['>=4.0.0', '<5.0.0']
+reference: composer://phpoffice/phpspreadsheet