CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVE-2025-13147 (GCVE-0-2025-13147)
Vulnerability from cvelistv5 – Published: 2025-11-19 20:45 – Updated: 2025-11-19 20:50 – CWE-918 - Server-Side Request Forgery (SSRF)
| Vendor | Product | Version |
|---|---|---|
| Progress | MOVEit Transfer | Affected: 0, < 2024.1.8 (semver); Affected: 2025.0.0, < 2025.0.4 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T20:49:54.892323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:50:10.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MOVEit Transfer",
"vendor": "Progress",
"versions": [
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2025.0.4",
"status": "affected",
"version": "2025.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Early Warning Services"
},
{
"lang": "en",
"type": "finder",
"value": "Michael McCambridge"
},
{
"lang": "en",
"type": "finder",
"value": "Brian Tigges"
},
{
"lang": "en",
"type": "finder",
"value": "Jason Scribner"
},
{
"lang": "en",
"type": "finder",
"value": "Alex Achs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.\u003cp\u003eThis issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:45:48.418Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://docs.progress.com/bundle/moveit-transfer-release-notes-2024/page/Fixed-Issues-in-2024.1.8.html"
},
{
"url": "https://docs.progress.com/bundle/moveit-transfer-release-notes-2025/page/Fixed-Issues-in-2025.0.4.html"
},
{
"url": "https://docs.progress.com/bundle/moveit-transfer-release-notes-2025_1/page/Fixed-Issues-in-2025.1.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "External Service Interaction (DNS)",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2025-13147",
"datePublished": "2025-11-19T20:45:48.418Z",
"dateReserved": "2025-11-13T20:06:29.891Z",
"dateUpdated": "2025-11-19T20:50:10.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13174 (GCVE-0-2025-13174)
Vulnerability from cvelistv5 – Published: 2025-11-14 18:32 – Updated: 2025-11-14 18:57 – CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.332465 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.332465 | signature, permissions-required |
| https://vuldb.com/?submit.684803 | third-party-advisory |
| https://www.notion.so/SSRF-vulnerability-in-WeRSS… | exploit |

| Vendor | Product | Version |
|---|---|---|
| rachelos | WeRSS we-mp-rss | Affected: 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13174",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T18:47:26.911815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T18:57:17.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Webhook Module"
],
"product": "WeRSS we-mp-rss",
"vendor": "rachelos",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.4.2"
},
{
"status": "affected",
"version": "1.4.3"
},
{
"status": "affected",
"version": "1.4.4"
},
{
"status": "affected",
"version": "1.4.5"
},
{
"status": "affected",
"version": "1.4.6"
},
{
"status": "affected",
"version": "1.4.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "din4 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made available to the public and could be exploited."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in rachelos WeRSS we-mp-rss up to 1.4.7 entdeckt. Davon betroffen ist die Funktion do_job der Datei /rachelos/we-mp-rss/blob/main/jobs/mps.py der Komponente Webhook Module. Durch das Manipulieren des Arguments web_hook_url mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T18:32:06.004Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332465 | rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332465"
},
{
"name": "VDB-332465 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332465"
},
{
"name": "Submit #684803 | rachelos WeRSS WeRSS\u003c=1.4.7 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.684803"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/SSRF-vulnerability-in-WeRSS-WebHook-module-29bea92a3c4180a192b5caa9078bfb18"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-14T11:23:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13174",
"datePublished": "2025-11-14T18:32:06.004Z",
"dateReserved": "2025-11-14T10:18:04.575Z",
"dateUpdated": "2025-11-14T18:57:17.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13281 (GCVE-0-2025-13281)
Vulnerability from cvelistv5 – Published: 2025-12-14 21:27 – Updated: 2025-12-15 16:26 – CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/kubernetes/kubernetes/issues/135525 | issue-tracking |
| https://groups.google.com/g/kubernetes-security-a… | mailing-list |

| Vendor | Product | Version |
|---|---|---|
| Kubernetes | Kubernetes | Affected: v1.30.0, ≤ v1.30.14 (custom); Affected: v1.31.0, ≤ v1.31.14 (custom); Affected: v1.32.0, ≤ v1.32.9 (custom); Affected: v1.33.0, ≤ v1.33.5 (custom); Affected: v1.34.0, ≤ v1.34.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-12-14T22:05:27.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/01/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T16:26:52.505631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T16:26:59.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v1.30.14",
"status": "affected",
"version": "v1.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.31.14",
"status": "affected",
"version": "v1.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.32.9",
"status": "affected",
"version": "v1.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.33.5",
"status": "affected",
"version": "v1.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.34.1",
"status": "affected",
"version": "v1.34.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan style=\"background-color: transparent;\"\u003eA half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane\u2019s host network (including link-local or loopback services). \u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane\u2019s host network (including link-local or loopback services)."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-14T21:27:34.786Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/135525"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To mitigate this vulnerability, upgrade Kubernetes or\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eenable the CSIMigrationPortworx feature gate.\u003c/span\u003e"
}
],
"value": "To mitigate this vulnerability, upgrade Kubernetes or enable the CSIMigrationPortworx feature gate."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Portworx Half-Blind SSRF in kube-controller-manager",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-13281",
"datePublished": "2025-12-14T21:27:34.786Z",
"dateReserved": "2025-11-16T20:53:36.588Z",
"dateUpdated": "2025-12-15T16:26:59.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13378 (GCVE-0-2025-13378)
Vulnerability from cvelistv5 – Published: 2025-11-27 09:27 – Updated: 2026-04-08 16:43 – CWE-918 - Server-Side Request Forgery (SSRF)
| Vendor | Product | Version |
|---|---|---|
| ays-pro | AI ChatBot with ChatGPT and Content Generator by AYS | Affected: 0, ≤ 2.7.0 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T17:08:46.351229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:08:53.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI ChatBot with ChatGPT and Content Generator by AYS",
"vendor": "ays-pro",
"versions": [
{
"lessThanOrEqual": "2.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chokri Hammedi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ays_chatgpt_pinecone_upsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:43:17.117Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/293ad145-dc93-4d7a-83ba-78f8c730ed6d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ays-chatgpt-assistant/tags/2.6.9/admin/class-chatgpt-assistant-admin.php#L3483"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ays-chatgpt-assistant/trunk/admin/class-chatgpt-assistant-admin.php#L3483"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ays-chatgpt-assistant/trunk/includes/class-chatgpt-assistant.php#L222"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3402237/ays-chatgpt-assistant/tags/2.7.1/admin/class-chatgpt-assistant-admin.php?old=3382650\u0026old_path=ays-chatgpt-assistant%2Ftags%2F2.6.9%2Fadmin%2Fclass-chatgpt-assistant-admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-18T20:13:55.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-26T21:00:16.000Z",
"value": "Disclosed"
}
],
"title": "AI ChatBot with ChatGPT and Content Generator by AYS \u003c= 2.7.0 - Unauthenticated Server-Side Request Forgery via \u0027pinecone_url\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13378",
"datePublished": "2025-11-27T09:27:48.378Z",
"dateReserved": "2025-11-18T19:56:37.440Z",
"dateUpdated": "2026-04-08T16:43:17.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13393 (GCVE-0-2025-13393)
Vulnerability from cvelistv5 – Published: 2026-01-10 13:47 – Updated: 2026-04-08 17:17 – CWE-918 - Server-Side Request Forgery (SSRF)
| Vendor | Product | Version |
|---|---|---|
| marceljm | Featured Image from URL (FIFU) | Affected: 0, ≤ 5.3.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T18:28:05.078670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:28:15.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Featured Image from URL (FIFU)",
"vendor": "marceljm",
"versions": [
{
"lessThanOrEqual": "5.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize() function in the Elementor widget integration. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services via the fifu_input_url parameter in the FIFU Elementor widget granted they have permissions to use Elementor."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:17:36.479Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7115070-b84d-4d69-993a-f512b9f9c081?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/elementor/widgets/widget.php#L94"
},
{
"url": "https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/elementor/widgets/widget.php#L121"
},
{
"url": "https://research.cleantalk.org/cve-2025-13393/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3428744/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-19T01:27:50.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-09T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Featured Image from URL (FIFU) \u003c= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via \u0027fifu_input_url\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13393",
"datePublished": "2026-01-10T13:47:35.750Z",
"dateReserved": "2025-11-19T01:08:40.615Z",
"dateUpdated": "2026-04-08T17:17:36.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13588 (GCVE-0-2025-13588)
Vulnerability from cvelistv5 – Published: 2025-11-24 06:32 – Updated: 2025-11-24 13:49 – X_Open Source – CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333352 | vdb-entry |
| https://vuldb.com/?ctiid.333352 | signature, permissions-required |
| https://vuldb.com/?submit.687573 | third-party-advisory |
| https://github.com/lakshayyverma/CVE-Discovery/bl… | exploit |
| https://github.com/lKinderBueno/Streamity-Xtream-… | patch |
| https://github.com/lKinderBueno/Streamity-Xtream-… | patch |

| Vendor | Product | Version |
|---|---|---|
| lKinderBueno | Streamity Xtream IPTV Player | Affected: 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8; Unaffected: 2.8.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T13:49:31.184703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T13:49:41.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Streamity Xtream IPTV Player",
"vendor": "lKinderBueno",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.6"
},
{
"status": "affected",
"version": "2.7"
},
{
"status": "affected",
"version": "2.8"
},
{
"status": "unaffected",
"version": "2.8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "lakshay12311 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and could be used. Upgrading to version 2.8.1 is sufficient to resolve this issue. The patch is named c70bfb8d36b47bfd64c5ec73917e1d9ddb97af92. It is suggested to upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T06:32:06.723Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333352 | lKinderBueno Streamity Xtream IPTV Player proxy.php server-side request forgery",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.333352"
},
{
"name": "VDB-333352 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333352"
},
{
"name": "Submit #687573 | lKinderBueno Streamity Xtream IPTV Web player 2.8 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.687573"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Streamity.md"
},
{
"tags": [
"patch"
],
"url": "https://github.com/lKinderBueno/Streamity-Xtream-IPTV-Web-player/commit/c70bfb8d36b47bfd64c5ec73917e1d9ddb97af92"
},
{
"tags": [
"patch"
],
"url": "https://github.com/lKinderBueno/Streamity-Xtream-IPTV-Web-player/releases/tag/v2.8.1"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-11-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-23T15:35:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "lKinderBueno Streamity Xtream IPTV Player proxy.php server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13588",
"datePublished": "2025-11-24T06:32:06.723Z",
"dateReserved": "2025-11-23T14:30:22.838Z",
"dateUpdated": "2025-11-24T13:49:41.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13789 (GCVE-0-2025-13789)
Vulnerability from cvelistv5 – Published: 2025-11-30 13:32 – Updated: 2025-12-01 15:48 – CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333793 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.333793 | signature, permissions-required |
| https://vuldb.com/?submit.690728 | third-party-advisory |
| https://github.com/ez-lbz/ez-lbz.github.io/issues/2 | issue-tracking |
| https://github.com/ez-lbz/ez-lbz.github.io/issues… | issue-tracking |
| https://github.com/ez-lbz/ez-lbz.github.io/issues… | exploit, issue-tracking |
| https://www.zentao.net/extension-viewext-6.html | broken-link, patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13789",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T15:48:02.464124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T15:48:42.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZenTao",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.7.6-8564"
},
{
"status": "unaffected",
"version": "21.7.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ez-lbz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 21.7.6 mitigates this issue. It is suggested to upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-30T13:32:16.964Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333793 | ZenTao model.php makeRequest server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333793"
},
{
"name": "VDB-333793 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333793"
},
{
"name": "Submit #690728 | Zentao PMS \u003c=21.7.6-85642 SSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.690728"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/2"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/2#issuecomment-3540247346"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/2#issue-3598317459"
},
{
"tags": [
"broken-link",
"patch"
],
"url": "https://www.zentao.net/extension-viewext-6.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-29T21:34:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "ZenTao model.php makeRequest server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13789",
"datePublished": "2025-11-30T13:32:16.964Z",
"dateReserved": "2025-11-29T20:28:34.209Z",
"dateUpdated": "2025-12-01T15:48:42.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13796 (GCVE-0-2025-13796)
Vulnerability from cvelistv5 – Published: 2025-11-30 23:32 – Updated: 2025-12-01 17:39 – CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333807 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.333807 | signature, permissions-required |
| https://vuldb.com/?submit.691837 | third-party-advisory |
| https://github.com/deco-cx/apps/pull/1360 | issue-tracking |
| https://github.com/deco-cx/apps/releases/tag/0.120.2 | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T17:38:54.697925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T17:39:04.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Parameter Handler"
],
"product": "apps",
"vendor": "deco-cx",
"versions": [
{
"status": "affected",
"version": "0.120.0"
},
{
"status": "affected",
"version": "0.120.1"
},
{
"status": "unaffected",
"version": "0.120.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cucumbersalad (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "cucumbersalad (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.120.2 addresses this issue. It is suggested to upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-30T23:32:06.222Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333807 | deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333807"
},
{
"name": "VDB-333807 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333807"
},
{
"name": "Submit #691837 | Deco deco-apps 0.114.12 - 0.120.1 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691837"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/deco-cx/apps/pull/1360"
},
{
"tags": [
"patch"
],
"url": "https://github.com/deco-cx/apps/releases/tag/0.120.2"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-30T20:45:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13796",
"datePublished": "2025-11-30T23:32:06.222Z",
"dateReserved": "2025-11-30T13:54:14.862Z",
"dateUpdated": "2025-12-01T17:39:04.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13809 (GCVE-0-2025-13809)
Vulnerability from cvelistv5 – Published: 2025-12-01 05:32 – Updated: 2025-12-01 14:39 – CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333819 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.333819 | signature, permissions-required |
| https://vuldb.com/?submit.692069 | third-party-advisory |
| https://github.com/Xzzz111/exps/blob/main/archive… | related |
| https://github.com/Xzzz111/exps/blob/main/archive… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13809",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:39:54.965191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:39:58.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md#proof-of-concept"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SSH Connection Handler"
],
"product": "orion-ops",
"vendor": "orionsec",
"versions": [
{
"status": "affected",
"version": "5925824997a3109651bbde07460958a7be249ed1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sh7err04 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T05:32:05.849Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333819 | orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333819"
},
{
"name": "VDB-333819 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333819"
},
{
"name": "Submit #692069 | orionsec (project owner of Orion-ops) Orion-ops (server component) \u003c= master commit 5925824997a3109651bbde07460958a7be249ed1 Server-Side Request Forgery (SSRF)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.692069"
},
{
"tags": [
"related"
],
"url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md#proof-of-concept"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-30T15:30:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13809",
"datePublished": "2025-12-01T05:32:05.849Z",
"dateReserved": "2025-11-30T14:25:27.878Z",
"dateUpdated": "2025-12-01T14:39:58.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13814 (GCVE-0-2025-13814)
Vulnerability from cvelistv5 – Published: 2025-12-01 07:32 – Updated: 2025-12-01 16:08 – CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333823 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.333823 | signature, permissions-required |
| https://vuldb.com/?submit.692105 | third-party-advisory |
| https://github.com/Xzzz111/exps/blob/main/archive… | related |
| https://github.com/Xzzz111/exps/blob/main/archive… | exploit |
| Vendor | Product | Version |
|---|---|---|
| moxi159753 | Mogu Blog v2 | Affected: 5.0, 5.1, 5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13814",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T16:08:06.727722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T16:08:16.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mogu Blog v2",
"vendor": "moxi159753",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "5.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sh7err04 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T07:32:06.011Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333823 | moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333823"
},
{
"name": "VDB-333823 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333823"
},
{
"name": "Submit #692105 | moxi159753 mogu_blog_v2 \u003c=v5.2 Server-Side Request Forgery (SSRF)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.692105"
},
{
"tags": [
"related"
],
"url": "https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-ssrf-1/report.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-ssrf-1/report.md#proof-of-concept"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-30T20:56:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13814",
"datePublished": "2025-12-01T07:32:06.011Z",
"dateReserved": "2025-11-30T19:51:24.060Z",
"dateUpdated": "2025-12-01T16:08:16.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.