CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVE-2025-13872 (GCVE-0-2025-13872)
Vulnerability from cvelistv5 – Published: 2025-12-02 09:51 – Updated: 2025-12-02 16:55
VLAI
Title
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio
Summary
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of
ObjectPlanet Opinio 7.26 rev12562 on
Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests
to an arbitrary destination.
Severity
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.objectplanet.com/opinio/changelog.html | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ObjectPlanet | Opinio |
Affected:
7.26 rev12562
|
Date Public
2025-07-31 08:54
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:34.265761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:55:02.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"The feature to import a survey"
],
"product": "Opinio",
"vendor": "ObjectPlanet",
"versions": [
{
"status": "affected",
"version": "7.26 rev12562"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:objectplanet:opinio:7.26_rev12562:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dominique Righetto"
}
],
"datePublic": "2025-07-31T08:54:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003e\n\n\n\nBlind Server-Side Request Forgery (SSRF) in the survey-import feature of \n\n \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eObjectPlanet\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOpinio\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;7.26 rev12562\u003c/span\u003e\u0026nbsp;on \u003cem\u003e\u003c/em\u003e\n\nWeb-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests \n\n to an arbitrary destination.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Blind Server-Side Request Forgery (SSRF) in the survey-import feature of \n\n ObjectPlanet\u00a0Opinio\u00a07.26 rev12562\u00a0on \n\nWeb-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests \n\n to an arbitrary destination."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T09:51:59.865Z",
"orgId": "64c5ae8f-7972-4697-86a0-7ada793ac795",
"shortName": "TCS-CERT"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://www.objectplanet.com/opinio/changelog.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-12-01T09:10:00.000Z",
"value": "Vulnerability discovery"
},
{
"lang": "en",
"time": "2024-12-10T14:22:00.000Z",
"value": "Vulnerability Report to TCS-CERT"
},
{
"lang": "en",
"time": "2024-12-19T15:33:00.000Z",
"value": "Vulnerability Report to Vendor through email : opinio@support.objectplanet.com"
},
{
"lang": "en",
"time": "2024-12-24T15:34:00.000Z",
"value": "Feedback asked to vendor, check if the vendor received the PoC in an encrypted archive"
},
{
"lang": "en",
"time": "2025-01-10T15:32:00.000Z",
"value": "New follow-up email was send to the vendor"
},
{
"lang": "en",
"time": "2025-01-13T15:37:00.000Z",
"value": "Vendor confirmed the reception of the PoC, vendor asked to wait 90-day period before publishing (responsible disclosure), and will try to fix the vulnerability"
},
{
"lang": "en",
"time": "2025-01-14T15:37:00.000Z",
"value": "Answer to vendor to acknowledge 90 days period"
},
{
"lang": "en",
"time": "2025-03-10T15:38:00.000Z",
"value": "Vendor informed us that they will realse the fix by the end of this month"
},
{
"lang": "en",
"time": "2025-04-23T14:39:00.000Z",
"value": "An email was sent to check where they stand on the release and fixes for the reported issues"
},
{
"lang": "en",
"time": "2025-06-21T14:39:00.000Z",
"value": "A feedback was requested from vendor regarding their progreess"
},
{
"lang": "en",
"time": "2025-06-30T14:39:00.000Z",
"value": "A feedback was requested from vendor regarding their progreess"
},
{
"lang": "en",
"time": "2025-07-31T14:39:00.000Z",
"value": "The vendor released the newer fixed version which is the Opinio Version 7.27"
}
],
"title": "Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet\u00a0Opinio",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "64c5ae8f-7972-4697-86a0-7ada793ac795",
"assignerShortName": "TCS-CERT",
"cveId": "CVE-2025-13872",
"datePublished": "2025-12-02T09:51:59.865Z",
"dateReserved": "2025-12-02T09:17:04.605Z",
"dateUpdated": "2025-12-02T16:55:02.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13999 (GCVE-0-2025-13999)
Vulnerability from cvelistv5 – Published: 2025-12-19 06:48 – Updated: 2025-12-19 15:32
VLAI
Title
HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery
Summary
The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity
7.2 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bplugins | HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player |
Affected:
2.4.0 , ≤ 2.5.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:32:44.509080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:32:52.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HTML5 Audio Player \u2013 The Ultimate No-Code Podcast, MP3 \u0026 Audio Player",
"vendor": "bplugins",
"versions": [
{
"lessThanOrEqual": "2.5.1",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kenneth Dunn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTML5 Audio Player \u2013 The Ultimate No-Code Podcast, MP3 \u0026 Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T06:48:23.714Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/989b4b9d-e22e-46a7-8ebc-5c8b33f98111?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old=3394789\u0026old_path=html5-audio-player%2Ftags%2F2.5.1%2Finc%2FCore%2FAjax.php\u0026new=3419843\u0026new_path=html5-audio-player%2Ftags%2F2.5.2%2Finc%2FCore%2FAjax.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-24T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-03T23:27:06.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-18T18:14:27.000Z",
"value": "Disclosed"
}
],
"title": "HTML5 Audio Player \u2013 The Ultimate No-Code Podcast, MP3 \u0026 Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13999",
"datePublished": "2025-12-19T06:48:23.714Z",
"dateReserved": "2025-12-03T23:11:51.326Z",
"dateUpdated": "2025-12-19T15:32:52.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14004 (GCVE-0-2025-14004)
Vulnerability from cvelistv5 – Published: 2025-12-04 13:32 – Updated: 2026-02-24 05:39
VLAI
Title
dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery
Summary
A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334246 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334246 | signaturepermissions-required |
| https://vuldb.com/?submit.692907 | third-party-advisory |
| https://github.com/24-2021/vul/blob/main/xunruicm… | broken-linkexploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14004",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-04T14:27:40.445188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T14:38:17.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:xunruicms:xunruicms:*:*:*:*:*:*:*:*"
],
"modules": [
"Email Setting Handler"
],
"product": "XunRuiCMS",
"vendor": "dayrui",
"versions": [
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "4.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nobb (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email\u0026m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T05:39:08.429Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334246 | dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334246"
},
{
"name": "VDB-334246 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334246"
},
{
"name": "Submit #692907 | Sichuan Xunrui Cloud Software Development Co., Ltd xunruicms \u003c=4.7.1 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.692907"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/24-2021/vul/blob/main/xunruicms-email_test-SSRF/xunruicms-email_test-SSRF.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-08T15:32:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14004",
"datePublished": "2025-12-04T13:32:06.141Z",
"dateReserved": "2025-12-04T08:10:55.927Z",
"dateUpdated": "2026-02-24T05:39:08.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14008 (GCVE-0-2025-14008)
Vulnerability from cvelistv5 – Published: 2025-12-04 15:02 – Updated: 2026-02-24 05:39
VLAI
Title
dayrui XunRuiCMS Project Domain Change Test admin79f2ec220c7e.php server-side request forgery
Summary
A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334250 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334250 | signaturepermissions-required |
| https://vuldb.com/?submit.692915 | third-party-advisory |
| https://github.com/24-2021/vul/blob/main/xunruicm… | broken-linkexploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14008",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T19:14:49.242745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T19:15:03.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:xunruicms:xunruicms:*:*:*:*:*:*:*:*"
],
"modules": [
"Project Domain Change Test"
],
"product": "XunRuiCMS",
"vendor": "dayrui",
"versions": [
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "4.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nobb (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api\u0026m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T05:39:58.279Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334250 | dayrui XunRuiCMS Project Domain Change Test admin79f2ec220c7e.php server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334250"
},
{
"name": "VDB-334250 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334250"
},
{
"name": "Submit #692915 | Sichuan Xunrui Cloud Software Development Co., Ltd x \u003c=4.7.1 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.692915"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/24-2021/vul/blob/main/xunruicms-test_site_domain-SSRF/xunruicms-test_site_domain-SSRF.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-06T06:01:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "dayrui XunRuiCMS Project Domain Change Test admin79f2ec220c7e.php server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14008",
"datePublished": "2025-12-04T15:02:06.355Z",
"dateReserved": "2025-12-04T08:11:07.404Z",
"dateUpdated": "2026-02-24T05:39:58.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14116 (GCVE-0-2025-14116)
Vulnerability from cvelistv5 – Published: 2025-12-05 22:32 – Updated: 2025-12-08 17:14 X_Open Source
VLAI
Title
xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery
Summary
A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The patch is named 0ff771dc1933d5a6b78f804115e78a7d8625c3f3. To fix this issue, it is recommended to deploy a patch. The vendor responded with a vulnerability confirmation and a list of security measures they have established already (e.g. disabled URL parsing, disabled URL upload mode, removed URL-to-markdown conversion).
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334492 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334492 | signaturepermissions-required |
| https://vuldb.com/?submit.697380 | third-party-advisory |
| https://www.notion.so/SSRF-vulnerablity-in-Yuxi-K… | exploit |
| https://github.com/xerrors/Yuxi-Know/commit/0ff77… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:07:49.402542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:14:40.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Yuxi-Know",
"vendor": "xerrors",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "din4 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The patch is named 0ff771dc1933d5a6b78f804115e78a7d8625c3f3. To fix this issue, it is recommended to deploy a patch. The vendor responded with a vulnerability confirmation and a list of security measures they have established already (e.g. disabled URL parsing, disabled URL upload mode, removed URL-to-markdown conversion)."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T22:32:08.303Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334492 | xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334492"
},
{
"name": "VDB-334492 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334492"
},
{
"name": "Submit #697380 | xerrors Yuxi-Know Yuxi-Know \u2264 0.4.0 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.697380"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/SSRF-vulnerablity-in-Yuxi-Know-2afea92a3c4180bea524f1a253f8d9a0?source=copy_link"
},
{
"tags": [
"patch"
],
"url": "https://github.com/xerrors/Yuxi-Know/commit/0ff771dc1933d5a6b78f804115e78a7d8625c3f3"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-05T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-05T16:21:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14116",
"datePublished": "2025-12-05T22:32:08.303Z",
"dateReserved": "2025-12-05T15:15:26.362Z",
"dateUpdated": "2025-12-08T17:14:40.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14277 (GCVE-0-2025-14277)
Vulnerability from cvelistv5 – Published: 2025-12-18 12:22 – Updated: 2026-04-08 16:33
VLAI
Title
Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery
Summary
The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import_elementor_template AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity
4.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Prime Slider – Addons for Elementor |
Affected:
0 , ≤ 4.0.9
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T14:36:06.650013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:36:18.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prime Slider \u2013 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Deadbee"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Prime Slider \u2013 Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import_elementor_template AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:48.365Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/069a56a1-ca17-43cc-a51f-51b6111f5b61?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3419222/bdthemes-prime-slider-lite"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-02T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-08T17:14:48.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-17T23:36:23.000Z",
"value": "Disclosed"
}
],
"title": "Prime Slider \u2013 Addons for Elementor \u003c= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14277",
"datePublished": "2025-12-18T12:22:26.139Z",
"dateReserved": "2025-12-08T16:58:57.189Z",
"dateUpdated": "2026-04-08T16:33:48.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14290 (GCVE-0-2025-14290)
Vulnerability from cvelistv5 – Published: 2026-05-26 15:49 – Updated: 2026-05-26 18:40
VLAI
Title
IBM webMethods Integration Sever is vulnerable to server-side request forgery
Summary
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity
5.4 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7273550 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | webMethods Integration (on prem) -Integration Server |
Affected:
10.15 , ≤ IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10
(semver)
cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:10.15:*:*:*:*:*:*:* cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:10.15.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:is_10.15_core_fix2611.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T18:34:12.833084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T18:40:31.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:10.15:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:10.15.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:is_10.15_core_fix2611.1:*:*:*:*:*:*:*"
],
"product": "webMethods Integration (on prem) -Integration Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10",
"status": "affected",
"version": "10.15",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated\u0026nbsp;attacker to send unauthorized requests from the system, potentially leading to network enumeration or\u0026nbsp;facilitating other attacks.\u003c/p\u003e"
}
],
"value": "IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated\u00a0attacker to send unauthorized requests from the system, potentially leading to network enumeration or\u00a0facilitating other attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:49:23.780Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7273550"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme\u0026nbsp;document.\u003c/p\u003e\u003cp\u003eIS_10.15_Core_Fix27 or later\u003cbr\u003eIS_11.1_Core_Fix11 or later\u003c/p\u003e\u003cp\u003eFixes can be downloaded and installed via IBM webMethods Update Manager. Refer to\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7232491\" rel=\"nofollow\"\u003eHow to Download webMethods Software\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme\u00a0document.\n\n\n\nIS_10.15_Core_Fix27 or later\nIS_11.1_Core_Fix11 or later\n\n\n\nFixes can be downloaded and installed via IBM webMethods Update Manager. Refer to\u00a0 How to Download webMethods Software https://www.ibm.com/support/pages/node/7232491"
}
],
"title": "IBM webMethods Integration Sever is vulnerable to server-side request forgery",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-14290",
"datePublished": "2026-05-26T15:49:23.780Z",
"dateReserved": "2025-12-08T19:17:35.305Z",
"dateUpdated": "2026-05-26T18:40:31.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14438 (GCVE-0-2025-14438)
Vulnerability from cvelistv5 – Published: 2026-01-06 04:31 – Updated: 2026-04-08 17:00
VLAI
Title
Xagio SEO <= 7.1.0.30 - Authenticated (Subscriber+) Server-Side Request Forgery
Summary
The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity
6.4 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xagio | Xagio SEO – AI Powered SEO |
Affected:
0 , ≤ 7.1.0.30
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:35:32.285523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:35:41.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xagio SEO \u2013 AI Powered SEO",
"vendor": "xagio",
"versions": [
{
"lessThanOrEqual": "7.1.0.30",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the \u0027pixabayDownloadImage\u0027 function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:00:45.483Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72779dd2-04eb-445d-88a0-28a9c4d2369b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.1.0.29/inc/xagio_core.php#L236"
},
{
"url": "https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.1.0.29/modules/seo/models/xagio_tinymce.php#L91"
},
{
"url": "https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.1.0.29/modules/seo/models/xagio_tinymce.php#L135"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3426300/xagio-seo#file374"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-05T16:06:52.000Z",
"value": "Disclosed"
}
],
"title": "Xagio SEO \u003c= 7.1.0.30 - Authenticated (Subscriber+) Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14438",
"datePublished": "2026-01-06T04:31:56.281Z",
"dateReserved": "2025-12-10T11:23:17.347Z",
"dateUpdated": "2026-04-08T17:00:45.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14443 (GCVE-0-2025-14443)
Vulnerability from cvelistv5 – Published: 2025-12-16 12:14 – Updated: 2026-02-27 03:24
VLAI
Title
Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism
Summary
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processing user-supplied image references.
Severity
6.4 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-14443 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2420964 | issue-trackingx_refsource_REDHAT |
| https://github.com/tuxerrante/openshift-ssrf |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
Date Public
2025-12-10 13:24
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T14:43:31.692426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T14:43:57.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-openshift-apiserver-rhel8",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-openshift-apiserver-rhel9",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alessandro Affinito for reporting this issue."
}
],
"datePublic": "2025-12-10T13:24:23.381Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processing user-supplied image references."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T03:24:12.959Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-14443"
},
{
"name": "RHBZ#2420964",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420964"
},
{
"url": "https://github.com/tuxerrante/openshift-ssrf"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-10T13:19:20.674Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-12-10T13:24:23.381Z",
"value": "Made public."
}
],
"title": "Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism",
"workarounds": [
{
"lang": "en",
"value": "Possible mitigations for this flaw include:\n- removing the permissions that allow users to use the ImageStreamImport feature or explicitly only allowing trusted users to access the feature.\n- explicitly set the apiserver\u0027s ImageStreamImport allow-list to trusted image registries. (i.e. `oc patch image.config.openshift.io/cluster --type=merge -p \u0027{\"spec\":{\"allowedRegistriesForImport\":[{\"domainName\": \"docker.io\"}, {\"domainName\": \"quay.io\"}]}}\u0027`)\n- Set the apiserver\u0027s ImageStreamImport to deny all uses. (`oc patch image.config.openshift.io/cluster --type=merge -p \u0027{\"spec\":{\"allowedRegistriesForImport\":[{\"domainName\": \"-\"}]}}\u0027`)"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-14443",
"datePublished": "2025-12-16T12:14:47.964Z",
"dateReserved": "2025-12-10T13:21:32.732Z",
"dateUpdated": "2026-02-27T03:24:12.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1447 (GCVE-0-2025-1447)
Vulnerability from cvelistv5 – Published: 2025-02-19 00:00 – Updated: 2025-02-19 14:50
VLAI
Title
kasuganosoras Pigeon index.php server-side request forgery
Summary
A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Upgrading to version 1.0.181 is able to address this issue. The patch is identified as 84cea5fe73141689da2e7ec8676d47435bd6423e. It is recommended to upgrade the affected component.
Severity
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.296134 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.296134 | signaturepermissions-required |
| https://vuldb.com/?submit.501978 | third-party-advisory |
| https://github.com/sheratan4/cve/issues/2 | issue-tracking |
| https://github.com/kasuganosoras/Pigeon/commit/84… | patch |
| https://github.com/kasuganosoras/Pigeon/releases/… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kasuganosoras | Pigeon |
Affected:
1.0.177
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1447",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T14:50:48.939890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T14:50:55.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pigeon",
"vendor": "kasuganosoras",
"versions": [
{
"status": "affected",
"version": "1.0.177"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sheratan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Upgrading to version 1.0.181 is able to address this issue. The patch is identified as 84cea5fe73141689da2e7ec8676d47435bd6423e. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In kasuganosoras Pigeon 1.0.177 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /pigeon/imgproxy/index.php. Durch die Manipulation des Arguments url mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.0.181 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 84cea5fe73141689da2e7ec8676d47435bd6423e bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T00:00:15.877Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296134 | kasuganosoras Pigeon index.php server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.296134"
},
{
"name": "VDB-296134 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296134"
},
{
"name": "Submit #501978 | https://github.com/kasuganosoras/Pigeon Pigeon v1.0.177 SSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.501978"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/sheratan4/cve/issues/2"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kasuganosoras/Pigeon/commit/84cea5fe73141689da2e7ec8676d47435bd6423e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kasuganosoras/Pigeon/releases/tag/1.0.181"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-18T16:58:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "kasuganosoras Pigeon index.php server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1447",
"datePublished": "2025-02-19T00:00:15.877Z",
"dateReserved": "2025-02-18T15:53:33.360Z",
"dateUpdated": "2025-02-19T14:50:55.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.