[HIGH] PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PKSA-64jn-3d9t-gncx CVE-2025-54370 GHSA-rx7m-68vc-ppxh

Affected package: phpoffice/phpspreadsheet

Affected version: <1.30.0|>=2.0.0,<2.1.0|>=2.1.0,<2.1.12|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=3.0.0,<3.10.0|>=4.0.0,<5.0.0

Reported by:
GitHub, FriendsOfPHP/security-advisories