CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVE-2025-3254 (GCVE-0-2025-3254)
Vulnerability from cvelistv5 – Published: 2025-04-04 16:00 – Updated: 2025-04-04 19:58
VLAI
Title
xujiangfei admintwo add server-side request forgery
Summary
A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipulation of the argument description leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.303324 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.303324 | signaturepermissions-required |
| https://vuldb.com/?submit.548979 | third-party-advisory |
| https://github.com/caigo8/CVE-md/blob/main/admint… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xujiangfei | admintwo |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3254",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T19:58:15.475551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T19:58:40.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admintwo",
"vendor": "xujiangfei",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Caigo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipulation of the argument description leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in xujiangfei admintwo 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /resource/add. Durch Beeinflussen des Arguments description mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T16:00:15.857Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-303324 | xujiangfei admintwo add server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.303324"
},
{
"name": "VDB-303324 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.303324"
},
{
"name": "Submit #548979 | https://gitee.com/xujiangfei/admintwo admintwo 1.0 Server-Side Request Forgery (SSRF)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.548979"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/caigo8/CVE-md/blob/main/admintwo/SSRF.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-04T09:40:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "xujiangfei admintwo add server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3254",
"datePublished": "2025-04-04T16:00:15.857Z",
"dateReserved": "2025-04-04T07:34:44.626Z",
"dateUpdated": "2025-04-04T19:58:40.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32675 (GCVE-0-2025-32675)
Vulnerability from cvelistv5 – Published: 2025-04-09 16:09 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress SEO Help plugin <= 6.7.9 - Server Side Request Forgery (SSRF) vulnerability
Summary
Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help seo-help allows Server Side Request Forgery.This issue affects SEO Help: from n/a through <= 6.7.9.
Severity
6.8 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QuantumCloud | SEO Help |
Affected:
0 , ≤ 6.7.9
(custom)
|
Date Public
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:42:46.214371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T18:08:02.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "seo-help",
"product": "SEO Help",
"vendor": "QuantumCloud",
"versions": [
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Phan Trong Quan - VNPT Cyber Immunity | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:03.106Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help seo-help allows Server Side Request Forgery.\u003cp\u003eThis issue affects SEO Help: from n/a through \u003c= 6.7.9.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help seo-help allows Server Side Request Forgery.This issue affects SEO Help: from n/a through \u003c= 6.7.9."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:28.160Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/seo-help/vulnerability/wordpress-seo-help-plugin-6-6-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress SEO Help plugin \u003c= 6.7.9 - Server Side Request Forgery (SSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-32675",
"datePublished": "2025-04-09T16:09:16.556Z",
"dateReserved": "2025-04-09T11:21:18.307Z",
"dateUpdated": "2026-04-28T16:12:28.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32691 (GCVE-0-2025-32691)
Vulnerability from cvelistv5 – Published: 2025-04-09 16:09 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress PowerPress Podcasting plugin <= 11.12.6 - Server Side Request Forgery (SSRF) Vulnerability
Summary
Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.12.6.
Severity
4.9 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| blubrry | PowerPress Podcasting |
Affected:
0 , ≤ 11.12.6
(custom)
|
Date Public
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:43:17.254310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T18:10:13.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "powerpress",
"product": "PowerPress Podcasting",
"vendor": "blubrry",
"versions": [
{
"changes": [
{
"at": "11.12.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "11.12.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:01.953Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery.\u003cp\u003eThis issue affects PowerPress Podcasting: from n/a through \u003c= 11.12.6.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery.This issue affects PowerPress Podcasting: from n/a through \u003c= 11.12.6."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:29.074Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/powerpress/vulnerability/wordpress-powerpress-podcasting-11-12-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress PowerPress Podcasting plugin \u003c= 11.12.6 - Server Side Request Forgery (SSRF) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-32691",
"datePublished": "2025-04-09T16:09:09.697Z",
"dateReserved": "2025-04-09T11:21:30.217Z",
"dateUpdated": "2026-04-28T16:12:29.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-33203 (GCVE-0-2025-33203)
Vulnerability from cvelistv5 – Published: 2025-11-25 18:10 – Updated: 2025-11-26 15:58
VLAI
Summary
NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service.
Severity
7.6 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | NeMo Agent ToolKit |
Affected:
All versions prior to 1.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T15:58:48.200677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T15:58:54.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "NeMo Agent ToolKit",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service."
}
],
"value": "NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure, Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T18:10:47.964Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33203"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33203"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5726"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-33203",
"datePublished": "2025-11-25T18:10:33.659Z",
"dateReserved": "2025-04-15T18:51:05.243Z",
"dateUpdated": "2025-11-26T15:58:54.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34021 (GCVE-0-2025-34021)
Vulnerability from cvelistv5 – Published: 2025-06-20 18:37 – Updated: 2026-04-07 14:09 X_Known Exploited Vulnerability
VLAI
Title
Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery
Summary
A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC.
Severity
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisoryexploit |
| https://www.exploit-db.com/exploits/49457 | third-party-advisoryexploit |
| https://cxsecurity.com/issue/WLB-2021010170 | third-party-advisoryexploit |
| https://packetstorm.news/files/id/161059 | third-party-advisoryexploit |
| https://www.selea.com | product |
| https://vulncheck.com/advisories/selea-targa-ip-c… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Selea | Targa IP OCR-ANPR Camera |
Affected:
BLD201113005214
(custom)
Affected: BLD201106163745 (custom) Affected: BLD200304170901 (custom) Affected: BLD200304170514 (custom) Affected: BLD200303143345 (custom) Affected: BLD191118145435 (custom) Affected: BLD191021180140 (custom) Affected: CPS 4.013(201105) (custom) Affected: CPS 3.100(200225) (custom) Affected: CPS 3.005(191206) (custom) Affected: CPS 3.005(191112) (custom) |
Date Public
2021-01-22 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T20:35:13.561170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T20:35:27.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web Management Interface (IP notification and image retrieval handlers)"
],
"product": "Targa IP OCR-ANPR Camera",
"vendor": "Selea",
"versions": [
{
"status": "affected",
"version": "BLD201113005214",
"versionType": "custom"
},
{
"status": "affected",
"version": "BLD201106163745",
"versionType": "custom"
},
{
"status": "affected",
"version": "BLD200304170901",
"versionType": "custom"
},
{
"status": "affected",
"version": "BLD200304170514",
"versionType": "custom"
},
{
"status": "affected",
"version": "BLD200303143345",
"versionType": "custom"
},
{
"status": "affected",
"version": "BLD191118145435",
"versionType": "custom"
},
{
"status": "affected",
"version": "BLD191021180140",
"versionType": "custom"
},
{
"status": "affected",
"version": "CPS 4.013(201105)",
"versionType": "custom"
},
{
"status": "affected",
"version": "CPS 3.100(200225)",
"versionType": "custom"
},
{
"status": "affected",
"version": "CPS 3.005(191206)",
"versionType": "custom"
},
{
"status": "affected",
"version": "CPS 3.005(191112)",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic"
}
],
"datePublic": "2021-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC."
}
],
"value": "A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:00.779Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory",
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5617.php"
},
{
"tags": [
"third-party-advisory",
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49457"
},
{
"tags": [
"third-party-advisory",
"exploit"
],
"url": "https://cxsecurity.com/issue/WLB-2021010170"
},
{
"tags": [
"third-party-advisory",
"exploit"
],
"url": "https://packetstorm.news/files/id/161059"
},
{
"tags": [
"product"
],
"url": "https://www.selea.com"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/selea-targa-ip-camera-ssrf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34021",
"datePublished": "2025-06-20T18:37:00.916Z",
"dateReserved": "2025-04-15T19:15:22.545Z",
"dateUpdated": "2026-04-07T14:09:00.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34051 (GCVE-0-2025-34051)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:44 – Updated: 2026-04-07 14:09
VLAI
Title
AVTECH DVR Devices Server-Side Request Forgery
Summary
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
Severity
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40500 | exploit |
| https://avtech.com/ | product |
| https://web.archive.org/web/20240810225729/https:… | third-party-advisorytechnical-description |
| https://web.archive.org/web/20161029201749/https:… | exploit |
| https://vulncheck.com/advisories/avtech-ipcamera-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AVTECH | DVR devices |
Affected:
1001-1000-1000-1000
Affected: 1001-1000-1001-1001 Affected: 1002-1000-1002-1001 Unaffected: 1002-1001-1000-1000 Affected: 1002-1001-1001-1001 Affected: 1004-1002-1001-1000 Affected: 1004-1002-1003-1000-FFFF Affected: 1004V-1002V-1003V-1001V Affected: 1004Y-1002Y-1001EJ-1000Y Affected: 1004Y-1002Y-1001Y-1000Y Affected: 1005-1002-1002-1000 Affected: 1005-1002-1004-1001 Affected: 1006-1001-1003-1004 Affected: 1006-1002-1003-1000 Affected: 1006Y-1002Y-1003Y-1000Y Affected: 1007-1002-1004-1000 Affected: 1007-1003-1003-1002 Affected: 1007-1003-1005-1001 Affected: 1007E-1003E-1005EJ-1001E Affected: 1007V-1003V-1005V-1001V Affected: 1007Y-1002Y-1004Y-1000Y Affected: 1008-1002-1005-1000 Affected: 1008-1004-1003-1002 Affected: 1009-1003-1005-1006 Affected: 1009-1003-1006-1001 Affected: 1009-1007-1007-1000-FFFF Affected: 1009Y-1003Y-1006Y-1001Y Affected: 1010-1004-1007-1001 Affected: 1010-1005-1005-1002 Affected: 1011-1004-1005-1006 Affected: 1011-1005-1007-1001 Affected: 1011-1005-1007EJ-1001 Affected: 1011-1005-1008-1002 Affected: 1012-1004-1005-1006 Affected: 1012-1005-1007-1002 Affected: 1012-1006-1007-1001 Affected: 1012-1008-1009-1000-FFFF Affected: 1014-1005-1009-1002 Affected: 1014-1007-1009-1001 Affected: 1014-1010-1010-1000-FFFF Affected: 1014Y-1007Y-1009Y-1001Y Affected: 1015-1006-1010-1003 Affected: 1015-1007-1007-1007 Affected: 1015-1007-1010-1001 Affected: 1015-1010-1011-1000-FFFF Affected: 1015Y-1007Y-1010Y-1001Y Affected: 1016-1007-1005-1001 Affected: 1016-1007-1011-1001 Affected: 1016-1007-1011-1003 Affected: 1016-1008-1007-1007 Affected: 1016Y-1007Y-1011Y-1001Y Affected: 1017-1008-1012-1002 Affected: 1017-1009-1008-1008 Affected: 1017-1011-1013-1001-FFFF Affected: 1017f-1011f-1013f-1001f-FFFF Affected: 1017Y-1008Y-1012Y-1002Y Affected: 1018-1008-1012-1004 Affected: 1019-1009-1013-1003 Affected: 1019-1010-1009-1009 Affected: 1019c-1012c-1014c-1001c-FFFF Affected: 1021-1011-1010-1009 Affected: 1022-1012-1011-1009 Affected: 1022-1014-1016-1002-FFFF Affected: 1022Y-1014Y-1016Y-1002Y-FFFF Affected: 1023-1013-1011-1009 Affected: 1023-1014-1017-1002-FFFF Affected: 1025-1014-1013-1009 Affected: 1026-1014-1014-1009 Affected: 1027-1014-1015-1009 Affected: S968-S968-S968-S968 Affected: V171P-V171P-V171P-V171P Affected: V189-V189-V189-V189 |
Date Public
2016-10-11 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34051",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T14:57:37.177556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:59:04.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Search.cgi endpoint",
"ip parameter",
"port parameter",
"queryb64str parameter"
],
"product": "DVR devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1001-1000-1001-1001"
},
{
"status": "affected",
"version": "1002-1000-1002-1001"
},
{
"status": "unaffected",
"version": "1002-1001-1000-1000"
},
{
"status": "affected",
"version": "1002-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1002-1001-1000"
},
{
"status": "affected",
"version": "1004-1002-1003-1000-FFFF"
},
{
"status": "affected",
"version": "1004V-1002V-1003V-1001V"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001EJ-1000Y"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001Y-1000Y"
},
{
"status": "affected",
"version": "1005-1002-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1004-1001"
},
{
"status": "affected",
"version": "1006-1001-1003-1004"
},
{
"status": "affected",
"version": "1006-1002-1003-1000"
},
{
"status": "affected",
"version": "1006Y-1002Y-1003Y-1000Y"
},
{
"status": "affected",
"version": "1007-1002-1004-1000"
},
{
"status": "affected",
"version": "1007-1003-1003-1002"
},
{
"status": "affected",
"version": "1007-1003-1005-1001"
},
{
"status": "affected",
"version": "1007E-1003E-1005EJ-1001E"
},
{
"status": "affected",
"version": "1007V-1003V-1005V-1001V"
},
{
"status": "affected",
"version": "1007Y-1002Y-1004Y-1000Y"
},
{
"status": "affected",
"version": "1008-1002-1005-1000"
},
{
"status": "affected",
"version": "1008-1004-1003-1002"
},
{
"status": "affected",
"version": "1009-1003-1005-1006"
},
{
"status": "affected",
"version": "1009-1003-1006-1001"
},
{
"status": "affected",
"version": "1009-1007-1007-1000-FFFF"
},
{
"status": "affected",
"version": "1009Y-1003Y-1006Y-1001Y"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010-1005-1005-1002"
},
{
"status": "affected",
"version": "1011-1004-1005-1006"
},
{
"status": "affected",
"version": "1011-1005-1007-1001"
},
{
"status": "affected",
"version": "1011-1005-1007EJ-1001"
},
{
"status": "affected",
"version": "1011-1005-1008-1002"
},
{
"status": "affected",
"version": "1012-1004-1005-1006"
},
{
"status": "affected",
"version": "1012-1005-1007-1002"
},
{
"status": "affected",
"version": "1012-1006-1007-1001"
},
{
"status": "affected",
"version": "1012-1008-1009-1000-FFFF"
},
{
"status": "affected",
"version": "1014-1005-1009-1002"
},
{
"status": "affected",
"version": "1014-1007-1009-1001"
},
{
"status": "affected",
"version": "1014-1010-1010-1000-FFFF"
},
{
"status": "affected",
"version": "1014Y-1007Y-1009Y-1001Y"
},
{
"status": "affected",
"version": "1015-1006-1010-1003"
},
{
"status": "affected",
"version": "1015-1007-1007-1007"
},
{
"status": "affected",
"version": "1015-1007-1010-1001"
},
{
"status": "affected",
"version": "1015-1010-1011-1000-FFFF"
},
{
"status": "affected",
"version": "1015Y-1007Y-1010Y-1001Y"
},
{
"status": "affected",
"version": "1016-1007-1005-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1016-1008-1007-1007"
},
{
"status": "affected",
"version": "1016Y-1007Y-1011Y-1001Y"
},
{
"status": "affected",
"version": "1017-1008-1012-1002"
},
{
"status": "affected",
"version": "1017-1009-1008-1008"
},
{
"status": "affected",
"version": "1017-1011-1013-1001-FFFF"
},
{
"status": "affected",
"version": "1017f-1011f-1013f-1001f-FFFF"
},
{
"status": "affected",
"version": "1017Y-1008Y-1012Y-1002Y"
},
{
"status": "affected",
"version": "1018-1008-1012-1004"
},
{
"status": "affected",
"version": "1019-1009-1013-1003"
},
{
"status": "affected",
"version": "1019-1010-1009-1009"
},
{
"status": "affected",
"version": "1019c-1012c-1014c-1001c-FFFF"
},
{
"status": "affected",
"version": "1021-1011-1010-1009"
},
{
"status": "affected",
"version": "1022-1012-1011-1009"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1013-1011-1009"
},
{
"status": "affected",
"version": "1023-1014-1017-1002-FFFF"
},
{
"status": "affected",
"version": "1025-1014-1013-1009"
},
{
"status": "affected",
"version": "1026-1014-1014-1009"
},
{
"status": "affected",
"version": "1027-1014-1015-1009"
},
{
"status": "affected",
"version": "S968-S968-S968-S968"
},
{
"status": "affected",
"version": "V171P-V171P-V171P-V171P"
},
{
"status": "affected",
"version": "V189-V189-V189-V189"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"datePublic": "2016-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the \u003ccode\u003e/cgi-bin/nobody/Search.cgi?action=cgi_query\u003c/code\u003e endpoint without authentication. An attacker can manipulate the \u003ccode\u003eip\u003c/code\u003e, \u003ccode\u003eport\u003c/code\u003e, and \u003ccode\u003equeryb64str\u003c/code\u003e parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services."
}
],
"value": "A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:14.685Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH DVR Devices Server-Side Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34051",
"datePublished": "2025-07-01T14:44:22.913Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2026-04-07T14:09:14.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3411 (GCVE-0-2025-3411)
Vulnerability from cvelistv5 – Published: 2025-04-08 05:00 – Updated: 2025-04-08 15:29
VLAI
Title
mymagicpower AIAS AsrController.java server-side request forgery
Summary
A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308. This issue affects some unknown processing of the file 3_api_platform/api-platform/src/main/java/top/aias/platform/controller/AsrController.java. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.303689 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.303689 | signaturepermissions-required |
| https://vuldb.com/?submit.544288 | third-party-advisory |
| https://github.com/Tr0e/CVE_Hunter/blob/main/AIAS… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mymagicpower | AIAS |
Affected:
20250308
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3411",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T15:12:05.380755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T15:29:48.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Tr0e/CVE_Hunter/blob/main/AIAS/AIAS_SSRF1.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AIAS",
"vendor": "mymagicpower",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308. This issue affects some unknown processing of the file 3_api_platform/api-platform/src/main/java/top/aias/platform/controller/AsrController.java. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in mymagicpower AIAS 20250308 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei 3_api_platform/api-platform/src/main/java/top/aias/platform/controller/AsrController.java. Dank Manipulation des Arguments url mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T05:00:12.594Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-303689 | mymagicpower AIAS AsrController.java server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.303689"
},
{
"name": "VDB-303689 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.303689"
},
{
"name": "Submit #544288 | AIAS 20250308 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.544288"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Tr0e/CVE_Hunter/blob/main/AIAS/AIAS_SSRF1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-07T13:09:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "mymagicpower AIAS AsrController.java server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3411",
"datePublished": "2025-04-08T05:00:12.594Z",
"dateReserved": "2025-04-07T11:04:35.592Z",
"dateUpdated": "2025-04-08T15:29:48.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3412 (GCVE-0-2025-3412)
Vulnerability from cvelistv5 – Published: 2025-04-08 05:31 – Updated: 2025-04-08 15:29
VLAI
Title
mymagicpower AIAS InferController.java server-side request forgery
Summary
A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected is an unknown function of the file 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.303690 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.303690 | signaturepermissions-required |
| https://vuldb.com/?submit.544289 | third-party-advisory |
| https://github.com/Tr0e/CVE_Hunter/blob/main/AIAS… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mymagicpower | AIAS |
Affected:
20250308
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3412",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T15:10:07.509649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T15:29:36.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Tr0e/CVE_Hunter/blob/main/AIAS/AIAS_SSRF2.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AIAS",
"vendor": "mymagicpower",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected is an unknown function of the file 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in mymagicpower AIAS 20250308 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. Mit der Manipulation des Arguments url mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T05:31:05.642Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-303690 | mymagicpower AIAS InferController.java server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.303690"
},
{
"name": "VDB-303690 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.303690"
},
{
"name": "Submit #544289 | AIAS 20250308 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.544289"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Tr0e/CVE_Hunter/blob/main/AIAS/AIAS_SSRF2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-07T13:09:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "mymagicpower AIAS InferController.java server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3412",
"datePublished": "2025-04-08T05:31:05.642Z",
"dateReserved": "2025-04-07T11:04:38.425Z",
"dateUpdated": "2025-04-08T15:29:36.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34225 (GCVE-0-2025-34225)
Vulnerability from cvelistv5 – Published: 2025-09-29 20:39 – Updated: 2026-05-15 11:15
VLAI
Title
Vasion Print (formerly PrinterLogic) SSRF via console_release Directory
Summary
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `console_release` directory is reachable from the internet without any authentication. Inside that directory are dozens of PHP scripts that build URLs from user‑controlled values and then invoke either 'curl_exec()` or `file_get_contents()` without proper validation. Although many files attempt to mitigate SSRF by calling `filter_var', the checks are incomplete. Because the endpoint is unauthenticated, any remote attacker can supply a hostname and cause the server to issue requests to internal resources. This enables internal network reconnaissance, potential pivoting, or data exfiltration. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
Severity
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://pierrekim.github.io/blog/2025-04-08-vasio… | technical-description |
| https://help.printerlogic.com/va/Print/Security/S… | vendor-advisorypatch |
| https://help.printerlogic.com/saas/Print/Security… | vendor-advisorypatch |
| https://www.vulncheck.com/advisories/vasion-print… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Vasion | Print Virtual Appliance Host |
Affected:
0 , < 25.1.102
(semver)
|
|
| Vasion | Print Application |
Affected:
0 , < 25.1.1413
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34225",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T13:32:59.178830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:42:32.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-03"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"console_release directory"
],
"product": "Print Virtual Appliance Host",
"vendor": "Vasion",
"versions": [
{
"lessThan": "25.1.102",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"console_release directory"
],
"product": "Print Application",
"vendor": "Vasion",
"versions": [
{
"lessThan": "25.1.1413",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.1413",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierre Barre"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102\u0026nbsp;and Application prior to version 25.1.1413\u0026nbsp;(VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `console_release` directory is reachable from the internet without any authentication. Inside that directory are dozens of PHP scripts that build URLs from user\u2011controlled values and then invoke either \u0027curl_exec()` or `file_get_contents()` without proper validation.\u0026nbsp;Although many files attempt to mitigate SSRF by calling `filter_var\u0027, the checks are incomplete. Because the endpoint is unauthenticated, any remote attacker can supply a hostname and cause the server to issue requests to internal resources. This enables internal network reconnaissance, potential pivoting, or data exfiltration. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.\u003cbr\u003e"
}
],
"value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102\u00a0and Application prior to version 25.1.1413\u00a0(VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `console_release` directory is reachable from the internet without any authentication. Inside that directory are dozens of PHP scripts that build URLs from user\u2011controlled values and then invoke either \u0027curl_exec()` or `file_get_contents()` without proper validation.\u00a0Although many files attempt to mitigate SSRF by calling `filter_var\u0027, the checks are incomplete. Because the endpoint is unauthenticated, any remote attacker can supply a hostname and cause the server to issue requests to internal resources. This enables internal network reconnaissance, potential pivoting, or data exfiltration. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
},
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:15:31.046Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-03"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-ssrf-via-console-release-directory"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Vasion Print (formerly PrinterLogic) SSRF via console_release Directory",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34225",
"datePublished": "2025-09-29T20:39:49.179Z",
"dateReserved": "2025-04-15T19:15:22.574Z",
"dateUpdated": "2026-05-15T11:15:31.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34228 (GCVE-0-2025-34228)
Vulnerability from cvelistv5 – Published: 2025-09-29 20:41 – Updated: 2026-05-15 11:15
VLAI
Title
Vasion Print (formerly PrinterLogic) SSRF via Lexmark update.php
Summary
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/update.php` script is reachable from the internet without any authentication. The PHP script builds URLs from user‑controlled values and then invokes either 'curl_exec()` or `file_get_contents()` without proper validation. Because the endpoint is unauthenticated, any remote attacker can supply a hostname and cause the server to issue requests to internal resources. This enables internal network reconnaissance, potential pivoting, or data exfiltration. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
Severity
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://pierrekim.github.io/blog/2025-04-08-vasio… | technical-description |
| https://help.printerlogic.com/va/Print/Security/S… | vendor-advisorypatch |
| https://help.printerlogic.com/saas/Print/Security… | vendor-advisorypatch |
| https://www.vulncheck.com/advisories/vasion-print… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Vasion | Print Virtual Appliance Host |
Affected:
0 , < 25.1.102
(semver)
|
|
| Vasion | Print Application |
Affected:
0 , < 25.1.1413
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34228",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T15:18:15.469709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T15:19:07.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-04"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"/var/www/app/console_release/lexmark/update.php"
],
"product": "Print Virtual Appliance Host",
"vendor": "Vasion",
"versions": [
{
"lessThan": "25.1.102",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"/var/www/app/console_release/lexmark/update.php"
],
"product": "Print Application",
"vendor": "Vasion",
"versions": [
{
"lessThan": "25.1.1413",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.1413",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierre Barre"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102\u0026nbsp;and Application prior to version 25.1.1413\u0026nbsp;(VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/update.php` script is reachable from the internet without any authentication. The PHP script builds URLs from user\u2011controlled values and then invokes either \u0027curl_exec()` or `file_get_contents()` without proper validation.\u0026nbsp;Because the endpoint is unauthenticated, any remote attacker can supply a hostname and cause the server to issue requests to internal resources. This enables internal network reconnaissance, potential pivoting, or data exfiltration. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102\u00a0and Application prior to version 25.1.1413\u00a0(VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/update.php` script is reachable from the internet without any authentication. The PHP script builds URLs from user\u2011controlled values and then invokes either \u0027curl_exec()` or `file_get_contents()` without proper validation.\u00a0Because the endpoint is unauthenticated, any remote attacker can supply a hostname and cause the server to issue requests to internal resources. This enables internal network reconnaissance, potential pivoting, or data exfiltration. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
},
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:15:32.631Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-04"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-ssrf-via-lexmark-update-php-script"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Vasion Print (formerly PrinterLogic) SSRF via Lexmark update.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34228",
"datePublished": "2025-09-29T20:41:29.156Z",
"dateReserved": "2025-04-15T19:15:22.574Z",
"dateUpdated": "2026-05-15T11:15:32.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.