CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVE-2025-9402 (GCVE-0-2025-9402)
Vulnerability from cvelistv5 – Published: 2025-08-25 01:32 – Updated: 2025-08-25 20:30
VLAI
Title
HuangDou UTCMS Config update.php server-side request forgery
Summary
A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.321238 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.321238 | signaturepermissions-required |
| https://vuldb.com/?submit.632537 | third-party-advisory |
| https://github.com/August829/Yu/blob/main/20250811_1.md | related |
| https://github.com/August829/Yu/blob/main/2025081… | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9402",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:30:11.556232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:30:20.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Config Handler"
],
"product": "UTCMS",
"vendor": "HuangDou",
"versions": [
{
"status": "affected",
"version": "9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu Bao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In HuangDou UTCMS 9 wurde eine Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei app/modules/ut-frame/admin/update.php der Komponente Config Handler. Durch Manipulieren des Arguments UPDATEURL mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T01:32:07.248Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321238 | HuangDou UTCMS Config update.php server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321238"
},
{
"name": "VDB-321238 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321238"
},
{
"name": "Submit #632537 | HuangDou UTCMS V9 RCE vulnerability for remote file download in the background",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632537"
},
{
"tags": [
"related"
],
"url": "https://github.com/August829/Yu/blob/main/20250811_1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/August829/Yu/blob/main/20250811_1.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-24T16:57:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "HuangDou UTCMS Config update.php server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9402",
"datePublished": "2025-08-25T01:32:07.248Z",
"dateReserved": "2025-08-24T14:52:36.289Z",
"dateUpdated": "2025-08-25T20:30:20.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9414 (GCVE-0-2025-9414)
Vulnerability from cvelistv5 – Published: 2025-08-25 18:32 – Updated: 2025-08-25 19:00
VLAI
Title
kalcaddle kodbox Download from Link serverDownload server-side request forgery
Summary
A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.321256 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.321256 | signaturepermissions-required |
| https://vuldb.com/?submit.633727 | third-party-advisory |
| https://gist.github.com/SysEternals/a03d45b582451… | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9414",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:52:54.972034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:00:18.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Download from Link Handler"
],
"product": "kodbox",
"vendor": "kalcaddle",
"versions": [
{
"status": "affected",
"version": "1.61"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AquaNight (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in kalcaddle kodbox 1.61 gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /?explorer/upload/serverDownload der Komponente Download from Link Handler. Die Ver\u00e4nderung des Parameters url resultiert in server-side request forgery. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:32:07.112Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321256 | kalcaddle kodbox Download from Link serverDownload server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321256"
},
{
"name": "VDB-321256 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321256"
},
{
"name": "Submit #633727 | KodCloud KodBox v1.61 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.633727"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/SysEternals/a03d45b582451f243f9c24076593c49c"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-25T11:10:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "kalcaddle kodbox Download from Link serverDownload server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9414",
"datePublished": "2025-08-25T18:32:07.112Z",
"dateReserved": "2025-08-25T09:05:18.132Z",
"dateUpdated": "2025-08-25T19:00:18.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9522 (GCVE-0-2025-9522)
Vulnerability from cvelistv5 – Published: 2026-01-26 19:35 – Updated: 2026-02-03 19:08
VLAI
Title
Blind Server-Side Request Forgery (SSRF) in Omada Controller
Summary
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.
Severity
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.omadanetworks.com/us/document/115200/ | vendor-advisory |
| https://https://support.omadanetworks.com/us/down… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Omada Controller |
Affected:
0 , < 6.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T19:08:27.549837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T19:08:42.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Omada Controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eduardo Bido on behalf of Thoropass"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information."
}
],
"value": "Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T19:35:59.689Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.omadanetworks.com/us/document/115200/"
},
{
"tags": [
"patch"
],
"url": "https://https://support.omadanetworks.com/us/download/software/omada-controller/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Blind Server-Side Request Forgery (SSRF) in Omada Controller",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-9522",
"datePublished": "2026-01-26T19:35:59.689Z",
"dateReserved": "2025-08-27T02:22:08.375Z",
"dateUpdated": "2026-02-03T19:08:42.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9799 (GCVE-0-2025-9799)
Vulnerability from cvelistv5 – Published: 2025-09-01 22:02 – Updated: 2025-09-02 20:10
VLAI
Title
Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery
Summary
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.322114 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.322114 | signaturepermissions-required |
| https://vuldb.com/?submit.641128 | third-party-advisory |
| https://github.com/langfuse/langfuse/issues/8522 | issue-tracking |
| https://github.com/langfuse/langfuse/issues/8522#… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Langfuse |
Affected:
3.0
Affected: 3.1 Affected: 3.2 Affected: 3.3 Affected: 3.4 Affected: 3.5 Affected: 3.6 Affected: 3.7 Affected: 3.8 Affected: 3.9 Affected: 3.10 Affected: 3.11 Affected: 3.12 Affected: 3.13 Affected: 3.14 Affected: 3.15 Affected: 3.16 Affected: 3.17 Affected: 3.18 Affected: 3.19 Affected: 3.20 Affected: 3.21 Affected: 3.22 Affected: 3.23 Affected: 3.24 Affected: 3.25 Affected: 3.26 Affected: 3.27 Affected: 3.28 Affected: 3.29 Affected: 3.30 Affected: 3.31 Affected: 3.32 Affected: 3.33 Affected: 3.34 Affected: 3.35 Affected: 3.36 Affected: 3.37 Affected: 3.38 Affected: 3.39 Affected: 3.40 Affected: 3.41 Affected: 3.42 Affected: 3.43 Affected: 3.44 Affected: 3.45 Affected: 3.46 Affected: 3.47 Affected: 3.48 Affected: 3.49 Affected: 3.50 Affected: 3.51 Affected: 3.52 Affected: 3.53 Affected: 3.54 Affected: 3.55 Affected: 3.56 Affected: 3.57 Affected: 3.58 Affected: 3.59 Affected: 3.60 Affected: 3.61 Affected: 3.62 Affected: 3.63 Affected: 3.64 Affected: 3.65 Affected: 3.66 Affected: 3.67 Affected: 3.68 Affected: 3.69 Affected: 3.70 Affected: 3.71 Affected: 3.72 Affected: 3.73 Affected: 3.74 Affected: 3.75 Affected: 3.76 Affected: 3.77 Affected: 3.78 Affected: 3.79 Affected: 3.80 Affected: 3.81 Affected: 3.82 Affected: 3.83 Affected: 3.84 Affected: 3.85 Affected: 3.86 Affected: 3.87 Affected: 3.88.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9799",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T19:51:53.283383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T20:10:18.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Webhook Handler"
],
"product": "Langfuse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
},
{
"status": "affected",
"version": "3.4"
},
{
"status": "affected",
"version": "3.5"
},
{
"status": "affected",
"version": "3.6"
},
{
"status": "affected",
"version": "3.7"
},
{
"status": "affected",
"version": "3.8"
},
{
"status": "affected",
"version": "3.9"
},
{
"status": "affected",
"version": "3.10"
},
{
"status": "affected",
"version": "3.11"
},
{
"status": "affected",
"version": "3.12"
},
{
"status": "affected",
"version": "3.13"
},
{
"status": "affected",
"version": "3.14"
},
{
"status": "affected",
"version": "3.15"
},
{
"status": "affected",
"version": "3.16"
},
{
"status": "affected",
"version": "3.17"
},
{
"status": "affected",
"version": "3.18"
},
{
"status": "affected",
"version": "3.19"
},
{
"status": "affected",
"version": "3.20"
},
{
"status": "affected",
"version": "3.21"
},
{
"status": "affected",
"version": "3.22"
},
{
"status": "affected",
"version": "3.23"
},
{
"status": "affected",
"version": "3.24"
},
{
"status": "affected",
"version": "3.25"
},
{
"status": "affected",
"version": "3.26"
},
{
"status": "affected",
"version": "3.27"
},
{
"status": "affected",
"version": "3.28"
},
{
"status": "affected",
"version": "3.29"
},
{
"status": "affected",
"version": "3.30"
},
{
"status": "affected",
"version": "3.31"
},
{
"status": "affected",
"version": "3.32"
},
{
"status": "affected",
"version": "3.33"
},
{
"status": "affected",
"version": "3.34"
},
{
"status": "affected",
"version": "3.35"
},
{
"status": "affected",
"version": "3.36"
},
{
"status": "affected",
"version": "3.37"
},
{
"status": "affected",
"version": "3.38"
},
{
"status": "affected",
"version": "3.39"
},
{
"status": "affected",
"version": "3.40"
},
{
"status": "affected",
"version": "3.41"
},
{
"status": "affected",
"version": "3.42"
},
{
"status": "affected",
"version": "3.43"
},
{
"status": "affected",
"version": "3.44"
},
{
"status": "affected",
"version": "3.45"
},
{
"status": "affected",
"version": "3.46"
},
{
"status": "affected",
"version": "3.47"
},
{
"status": "affected",
"version": "3.48"
},
{
"status": "affected",
"version": "3.49"
},
{
"status": "affected",
"version": "3.50"
},
{
"status": "affected",
"version": "3.51"
},
{
"status": "affected",
"version": "3.52"
},
{
"status": "affected",
"version": "3.53"
},
{
"status": "affected",
"version": "3.54"
},
{
"status": "affected",
"version": "3.55"
},
{
"status": "affected",
"version": "3.56"
},
{
"status": "affected",
"version": "3.57"
},
{
"status": "affected",
"version": "3.58"
},
{
"status": "affected",
"version": "3.59"
},
{
"status": "affected",
"version": "3.60"
},
{
"status": "affected",
"version": "3.61"
},
{
"status": "affected",
"version": "3.62"
},
{
"status": "affected",
"version": "3.63"
},
{
"status": "affected",
"version": "3.64"
},
{
"status": "affected",
"version": "3.65"
},
{
"status": "affected",
"version": "3.66"
},
{
"status": "affected",
"version": "3.67"
},
{
"status": "affected",
"version": "3.68"
},
{
"status": "affected",
"version": "3.69"
},
{
"status": "affected",
"version": "3.70"
},
{
"status": "affected",
"version": "3.71"
},
{
"status": "affected",
"version": "3.72"
},
{
"status": "affected",
"version": "3.73"
},
{
"status": "affected",
"version": "3.74"
},
{
"status": "affected",
"version": "3.75"
},
{
"status": "affected",
"version": "3.76"
},
{
"status": "affected",
"version": "3.77"
},
{
"status": "affected",
"version": "3.78"
},
{
"status": "affected",
"version": "3.79"
},
{
"status": "affected",
"version": "3.80"
},
{
"status": "affected",
"version": "3.81"
},
{
"status": "affected",
"version": "3.82"
},
{
"status": "affected",
"version": "3.83"
},
{
"status": "affected",
"version": "3.84"
},
{
"status": "affected",
"version": "3.85"
},
{
"status": "affected",
"version": "3.86"
},
{
"status": "affected",
"version": "3.87"
},
{
"status": "affected",
"version": "3.88.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "In Langfuse bis 3.88.0 wurde eine Schwachstelle gefunden. Hierbei betrifft es die Funktion promptChangeEventSourcing der Datei web/src/features/prompts/server/routers/promptRouter.ts der Komponente Webhook Handler. Mit der Manipulation mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T22:02:09.356Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322114 | Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.322114"
},
{
"name": "VDB-322114 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322114"
},
{
"name": "Submit #641128 | langfuse https://github.com/langfuse/langfuse \u003c=3.88.0 SSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.641128"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/langfuse/langfuse/issues/8522"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/langfuse/langfuse/issues/8522#issue-3320549867"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-01T14:29:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9799",
"datePublished": "2025-09-01T22:02:09.356Z",
"dateReserved": "2025-09-01T12:23:02.536Z",
"dateUpdated": "2025-09-02T20:10:18.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9805 (GCVE-0-2025-9805)
Vulnerability from cvelistv5 – Published: 2025-09-02 00:02 – Updated: 2025-09-02 19:34 X_Open Source
VLAI
Title
SimStudioAI sim route.ts server-side request forgery
Summary
A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The patch is identified as 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.322129 | vdb-entry |
| https://vuldb.com/?ctiid.322129 | signaturepermissions-required |
| https://vuldb.com/?submit.640821 | third-party-advisory |
| https://github.com/simstudioai/sim/issues/1128 | issue-tracking |
| https://github.com/simstudioai/sim/issues/1128#is… | issue-tracking |
| https://github.com/simstudioai/sim/issues/1128#is… | exploitissue-tracking |
| https://github.com/simstudioai/sim/commit/3424a33… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SimStudioAI | sim |
Affected:
51b1e97fa22c48d144aef75f8ca31a74ad2cfed2
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9805",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T19:33:51.520410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T19:34:20.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sim",
"vendor": "SimStudioAI",
"versions": [
{
"status": "affected",
"version": "51b1e97fa22c48d144aef75f8ca31a74ad2cfed2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0x1f (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The patch is identified as 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SimStudioAI sim bis 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2 entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei apps/sim/app/api/proxy/image/route.ts. Durch die Manipulation mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar. Die Bezeichnung des Patches lautet 3424a338b763115f0269b209e777608e4cd31785. Es ist ratsam, einen Patch zu implementieren, um dieses Problem zu beheben."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T00:02:07.900Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322129 | SimStudioAI sim route.ts server-side request forgery",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.322129"
},
{
"name": "VDB-322129 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322129"
},
{
"name": "Submit #640821 | simstudioai sim latest Server-side request forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.640821"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/simstudioai/sim/issues/1128"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/simstudioai/sim/issues/1128#issuecomment-3226867869"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/simstudioai/sim/issues/1128#issue-3349260976"
},
{
"tags": [
"patch"
],
"url": "https://github.com/simstudioai/sim/commit/3424a338b763115f0269b209e777608e4cd31785"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-01T16:57:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "SimStudioAI sim route.ts server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9805",
"datePublished": "2025-09-02T00:02:07.900Z",
"dateReserved": "2025-09-01T14:52:07.245Z",
"dateUpdated": "2025-09-02T19:34:20.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9821 (GCVE-0-2025-9821)
Vulnerability from cvelistv5 – Published: 2025-09-03 09:39 – Updated: 2025-09-03 14:12
VLAI
Title
SSRF via webhook function
Summary
SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed
DetailsWhen sending webhooks, the destination is not validated, causing SSRF.
ImpactBypass of firewalls to interact with internal services.
See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ for more potential impact.
Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF and its fix.
Severity
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Impacted products
Date Public
2025-09-03 08:56
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T14:07:29.437694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T14:12:35.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThanOrEqual": "\u003c 4.4.17",
"status": "affected",
"version": "\u003e= 4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c 5.2.8",
"status": "affected",
"version": "\u003e= 5.0.0-alpha",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c 6.0.5",
"status": "affected",
"version": "\u003e= 6.0.0-alpha",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "asesidaa"
},
{
"lang": "en",
"type": "reporter",
"value": "lukehebe"
},
{
"lang": "en",
"type": "remediation developer",
"value": "patrykgruszka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "kuzmany"
}
],
"datePublic": "2025-09-03T08:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch3\u003eSummary\u003c/h3\u003e\u003cp\u003eUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed\u003c/p\u003e\u003ch3\u003eDetails\u003c/h3\u003e\u003cp\u003eWhen sending webhooks, the destination is not validated, causing SSRF.\u003cbr\u003e\u003c/p\u003e\u003ch3\u003eImpact\u003c/h3\u003e\u003cp\u003eBypass of firewalls to interact with internal services.\u003cbr\u003eSee \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/\"\u003ehttps://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/\u003c/a\u003e\u0026nbsp;for more potential impact.\u003c/p\u003e\u003ch3\u003eResources\u003c/h3\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html\"\u003ehttps://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html\u003c/a\u003e\u0026nbsp;for more information on SSRF and its fix.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed\n\nDetailsWhen sending webhooks, the destination is not validated, causing SSRF.\n\n\nImpactBypass of firewalls to interact with internal services.\nSee https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ \u00a0for more potential impact.\n\nResources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html \u00a0for more information on SSRF and its fix."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T09:39:01.005Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69"
}
],
"source": {
"advisory": "GHSA-hj6f-7hp7-xg69",
"discovery": "UNKNOWN"
},
"title": "SSRF via webhook function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2025-9821",
"datePublished": "2025-09-03T09:39:01.005Z",
"dateReserved": "2025-09-02T08:22:33.758Z",
"dateUpdated": "2025-09-03T14:12:35.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9862 (GCVE-0-2025-9862)
Vulnerability from cvelistv5 – Published: 2025-09-17 15:02 – Updated: 2025-09-17 15:42
VLAI
Title
Ghost 6.0.6 - SSRF via oEmbed Bookmark
Summary
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.
Severity
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/advisories/regida | third-party-advisory |
| https://github.com/TryGhost/Ghost | product |
| https://github.com/TryGhost/Ghost/releases/tag/v6.0.9 | patch |
| https://github.com/TryGhost/Ghost/security/adviso… | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9862",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T15:42:29.239311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T15:42:32.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://fluidattacks.com/advisories/regida"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Ghost",
"vendor": "Ghost",
"versions": [
{
"lessThanOrEqual": "6.0.8",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.130.3",
"status": "affected",
"version": "5.99.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "6.0.8",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "5.130.3",
"versionStartIncluding": "5.99.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.\u003cp\u003eThis issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T15:02:01.533Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/advisories/regida"
},
{
"tags": [
"product"
],
"url": "https://github.com/TryGhost/Ghost"
},
{
"tags": [
"patch"
],
"url": "https://github.com/TryGhost/Ghost/releases/tag/v6.0.9"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Ghost 6.0.6 - SSRF via oEmbed Bookmark",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2025-9862",
"datePublished": "2025-09-17T15:02:01.533Z",
"dateReserved": "2025-09-02T17:46:31.153Z",
"dateUpdated": "2025-09-17T15:42:32.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9868 (GCVE-0-2025-9868)
Vulnerability from cvelistv5 – Published: 2025-10-08 17:07 – Updated: 2025-10-08 17:23
VLAI
Title
Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin
Summary
Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.
Severity
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.sonatype.com/hc/en-us/articles/45… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sonatype | Nexus Repository |
Affected:
2.0.0 , ≤ 2.15.2
(semver)
cpe:2.3:a:sonatype:nexus_repository_manager:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.0.5:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.0.6:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.6.3:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.6.4:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.7.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.7.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.8.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.8.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.9.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.9.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.10.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.11.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.11.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.11.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.11.3:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.11.4:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.12.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.13.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.3:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.4:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.5:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.6:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.7:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.8:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.9:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.10:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.11:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.12:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.13:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.14:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.15:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.16:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.17:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.18:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.19:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.20:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.14.21:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.15.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.15.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:2.15.2:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T17:23:28.489309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T17:23:36.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:sonatype:nexus_repository_manager:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.11.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.11.3:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.11.4:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.3:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.4:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.5:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.6:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.7:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.8:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.9:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.10:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.11:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.12:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.13:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.14:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.15:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.16:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.17:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.18:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.19:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.20:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.14.21:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.15.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.15.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:2.15.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Nexus Repository",
"vendor": "Sonatype",
"versions": [
{
"lessThanOrEqual": "2.15.2",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Stepankin at GitHub Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests."
}
],
"value": "Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T17:07:45.543Z",
"orgId": "103e4ec9-0a87-450b-af77-479448ddef11",
"shortName": "Sonatype"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/45363201583635"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "103e4ec9-0a87-450b-af77-479448ddef11",
"assignerShortName": "Sonatype",
"cveId": "CVE-2025-9868",
"datePublished": "2025-10-08T17:07:45.543Z",
"dateReserved": "2025-09-02T19:35:28.000Z",
"dateUpdated": "2025-10-08T17:23:36.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9960 (GCVE-0-2025-9960)
Vulnerability from cvelistv5 – Published: 2025-09-22 18:35 – Updated: 2025-12-03 21:12
VLAI
Title
is-localhost-ip 2.0.0 - SSRF via Restrictions bypass
Summary
A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF).
This issue affects is-localhost-ip: 2.0.0.
Severity
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/advisories/registrada | third-party-advisory |
| https://github.com/tinovyatkin/is-localhost-ip | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| is-localhost-ip | is-localhost-ip |
Affected:
2.0.0
(custom)
|
Date Public
2025-09-22 18:31
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T20:34:36.763100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T20:34:44.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://registry.npmjs.org",
"defaultStatus": "unaffected",
"packageName": "is-localhost-ip",
"platforms": [
"Linux",
"Windows",
"MacOS"
],
"product": "is-localhost-ip",
"vendor": "is-localhost-ip",
"versions": [
{
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:is-localhost-ip:is-localhost-ip:2.0.0:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:is-localhost-ip:is-localhost-ip:2.0.0:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:is-localhost-ip:is-localhost-ip:2.0.0:*:macos:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-09-22T18:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A restriction bypass vulnerability in \u003cem\u003eis-localhost-ip\u003c/em\u003e could allow attackers to perform Server-Side Request Forgery (SSRF).\u003cbr\u003e\u003cp\u003eThis issue affects is-localhost-ip: 2.0.0.\u003c/p\u003e"
}
],
"value": "A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF).\nThis issue affects is-localhost-ip: 2.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:12:50.599Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/advisories/registrada"
},
{
"tags": [
"product"
],
"url": "https://github.com/tinovyatkin/is-localhost-ip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "is-localhost-ip 2.0.0 - SSRF via Restrictions bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2025-9960",
"datePublished": "2025-09-22T18:35:34.895Z",
"dateReserved": "2025-09-03T16:46:48.448Z",
"dateUpdated": "2025-12-03T21:12:50.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9975 (GCVE-0-2025-9975)
Vulnerability from cvelistv5 – Published: 2025-10-11 09:28 – Updated: 2026-04-08 16:51
VLAI
Title
WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery
Summary
The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wp_scraper_extract_content function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieving.
Severity
6.8 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rico-macchi | WP Scraper |
Affected:
0 , ≤ 5.8.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T18:32:05.883859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:45:50.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Scraper",
"vendor": "rico-macchi",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vijay"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wp_scraper_extract_content function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieving."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:51:17.308Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c72abf9-f63d-4460-8c9b-10e3f65b71ba?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-scraper/tags/5.8.1/wp-scraper.php#L688"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3396219%40wp-scraper\u0026new=3396219%40wp-scraper\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-16T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-10-10T20:39:34.000Z",
"value": "Disclosed"
}
],
"title": "WP Scraper \u003c= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9975",
"datePublished": "2025-10-11T09:28:37.954Z",
"dateReserved": "2025-09-04T11:22:02.807Z",
"dateUpdated": "2026-04-08T16:51:17.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.