CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4592 vulnerabilities reference this CWE, most recent first.
GHSA-X3M3-G8W6-MF28
Vulnerability from github – Published: 2022-03-16 00:00 – Updated: 2022-11-30 20:27Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller.
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:semantic-versioning-plugin"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-27201"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-30T20:27:14Z",
"nvd_published_at": "2022-03-15T17:15:00Z",
"severity": "HIGH"
},
"details": "Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller.\n\nJenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.\n\nThis vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.303/#upgrading-to-jenkins-lts-2-303-3).",
"id": "GHSA-x3m3-g8w6-mf28",
"modified": "2022-11-30T20:27:14Z",
"published": "2022-03-16T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27201"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/semantic-versioning-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2124"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin"
}
GHSA-X3X3-QWJQ-8GJ4
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 22:00A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf-core"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.0"
},
{
"fixed": "3.5.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-46364"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-13T19:45:21Z",
"nvd_published_at": "2022-12-13T17:15:00Z",
"severity": "CRITICAL"
},
"details": "A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"id": "GHSA-x3x3-qwjq-8gj4",
"modified": "2022-12-15T22:00:04Z",
"published": "2022-12-13T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"type": "WEB",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache CXF Server-Side Request Forgery vulnerability"
}
GHSA-X424-J55F-6XV3
Vulnerability from github – Published: 2022-05-26 00:01 – Updated: 2022-06-08 00:00Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.
{
"affected": [],
"aliases": [
"CVE-2022-1815"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-25T09:15:00Z",
"severity": "HIGH"
},
"details": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.",
"id": "GHSA-x424-j55f-6xv3",
"modified": "2022-06-08T00:00:34Z",
"published": "2022-05-26T00:01:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1815"
},
{
"type": "WEB",
"url": "https://github.com/jgraph/drawio/commit/c287bef9101d024b1fd59d55ecd530f25000f9d8"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/6e856a25-9117-47c6-9375-52f78876902f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X46J-Q5R9-V3G5
Vulnerability from github – Published: 2025-04-24 18:31 – Updated: 2026-04-01 18:34Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71.
{
"affected": [],
"aliases": [
"CVE-2025-46511"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-24T16:15:42Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71.",
"id": "GHSA-x46j-q5r9-v3g5",
"modified": "2026-04-01T18:34:58Z",
"published": "2025-04-24T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46511"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/beerxml-shortcode/vulnerability/wordpress-beerxml-shortcode-0-71-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X4HM-VCRP-R3Q5
Vulnerability from github – Published: 2026-04-08 09:31 – Updated: 2026-04-14 15:30Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.
{
"affected": [],
"aliases": [
"CVE-2026-39630"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T09:16:33Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through \u003c= 4.1.0.",
"id": "GHSA-x4hm-vcrp-r3q5",
"modified": "2026-04-14T15:30:29Z",
"published": "2026-04-08T09:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39630"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/getty-images/vulnerability/wordpress-getty-images-plugin-4-1-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X4MR-7JCX-V2X6
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
{
"affected": [],
"aliases": [
"CVE-2021-29357"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-12T19:15:00Z",
"severity": "HIGH"
},
"details": "The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.",
"id": "GHSA-x4mr-7jcx-v2x6",
"modified": "2022-05-24T17:47:09Z",
"published": "2022-05-24T17:47:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29357"
},
{
"type": "WEB",
"url": "https://labs.integrity.pt/advisories/cve-2021-29357"
},
{
"type": "WEB",
"url": "https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RTAF-2226"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X4QJ-2F4Q-R4RX
Vulnerability from github – Published: 2025-11-05 19:52 – Updated: 2025-11-07 20:31Impact
A Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is provided in the request. A request to the provided URI is executed, but the response is not stored in Parse Server's file storage as the server crashes upon receiving the response.
Patches
The feature has been implemented in Parse Server 4.2.0 but never worked and reliably crashes the server when trying to use it due to a bug in its implementation. Since the feature is not currently working, and due to its risky nature, it has been removed to address the vulnerability.
Workarounds
None.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "7.5.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.4.0-alpha.1"
},
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.4.0-alpha.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-64430"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-05T19:52:27Z",
"nvd_published_at": "2025-11-07T18:15:37Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a `Parse.File` with `uri` parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is provided in the request. A request to the provided URI is executed, but the response is not stored in Parse Server\u0027s file storage as the server crashes upon receiving the response.\n\n### Patches\n\nThe feature has been implemented in Parse Server 4.2.0 but never worked and reliably crashes the server when trying to use it due to a bug in its implementation. Since the feature is not currently working, and due to its risky nature, it has been removed to address the vulnerability.\n\n### Workarounds\n\nNone.",
"id": "GHSA-x4qj-2f4q-r4rx",
"modified": "2025-11-07T20:31:43Z",
"published": "2025-11-05T19:52:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-x4qj-2f4q-r4rx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64430"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/9903"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/9904"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/commit/8bbe3efbcf4a3b66f4a8db9bfb18cd98c050db51"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/commit/97763863b72689a29ad7a311dfb590c3e3c50585"
},
{
"type": "PACKAGE",
"url": "https://github.com/parse-community/parse-server"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format"
}
GHSA-X4R9-GMW3-HXWW
Vulnerability from github – Published: 2026-06-12 18:23 – Updated: 2026-06-12 18:23Summary
A GeoServer that uses ENTITY_RESOLUTION_ALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF).
Details
This vulnerability requires that GeoServer is set up to use a proxy base URL and the ENTITY_RESOLUTION_ALLOWLIST (default since 2.25.0):
Impact
This vulnerability allows an attacker to cause GeoServer to make requests to an unintended location.
Workaround
GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash (e.g., https://somesite.org instead of https://somesite.org/ or https://somesite.org/geoserver). If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability.
Resources
https://osgeo-org.atlassian.net/browse/GEOS-11867 https://github.com/geoserver/geoserver/pull/8622
Credits:
- Le Mau Anh Phong at Verichains Cyber Force
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.26.3"
},
"package": {
"ecosystem": "Maven",
"name": "org.geoserver.web:gs-web-app"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.26.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.26.3"
},
"package": {
"ecosystem": "Maven",
"name": "org.geoserver:gs-main"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.26.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.27.2"
},
"package": {
"ecosystem": "Maven",
"name": "org.geoserver:gs-main"
},
"ranges": [
{
"events": [
{
"introduced": "2.27.0"
},
{
"fixed": "2.27.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.27.2"
},
"package": {
"ecosystem": "Maven",
"name": "org.geoserver.web:gs-web-app"
},
"ranges": [
{
"events": [
{
"introduced": "2.27.0"
},
{
"fixed": "2.27.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-58175"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-611",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-12T18:23:35Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nA GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF).\n\n### Details\nThis vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0):\n\n### Impact\nThis vulnerability allows an attacker to cause GeoServer to make requests to an unintended location.\n\n### Workaround\nGeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash (e.g., `https://somesite.org` instead of `https://somesite.org/` or `https://somesite.org/geoserver`). If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability.\n\n### Resources\nhttps://osgeo-org.atlassian.net/browse/GEOS-11867\nhttps://github.com/geoserver/geoserver/pull/8622\n\n### Credits:\n- Le Mau Anh Phong at Verichains Cyber Force",
"id": "GHSA-x4r9-gmw3-hxww",
"modified": "2026-06-12T18:23:35Z",
"published": "2026-06-12T18:23:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-x4r9-gmw3-hxww"
},
{
"type": "WEB",
"url": "https://github.com/geoserver/geoserver/pull/8622"
},
{
"type": "PACKAGE",
"url": "https://github.com/geoserver/geoserver"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution"
}
GHSA-X4VC-M5G5-663M
Vulnerability from github – Published: 2025-07-11 09:30 – Updated: 2025-07-11 09:30The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2025-6851"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-11T09:15:25Z",
"severity": "HIGH"
},
"details": "The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
"id": "GHSA-x4vc-m5g5-663m",
"modified": "2025-07-11T09:30:32Z",
"published": "2025-07-11T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6851"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3323864%40broken-link-notifier\u0026new=3323864%40broken-link-notifier\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f76c9f8-c57a-4875-b581-f67c9c60021c?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X557-GW6M-864X
Vulnerability from github – Published: 2025-11-19 06:31 – Updated: 2025-11-19 06:31The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2025-12359"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-19T06:15:45Z",
"severity": "MODERATE"
},
"details": "The Responsive Lightbox \u0026 Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the \u0027get_image_size_by_url\u0027 function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.",
"id": "GHSA-x557-gw6m-864x",
"modified": "2025-11-19T06:31:11Z",
"published": "2025-11-19T06:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12359"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/responsive-lightbox/tags/2.5.3/includes/class-fast-image.php#L25"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/responsive-lightbox/tags/2.5.3/includes/class-frontend.php#L1531"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/responsive-lightbox/tags/2.5.3/includes/class-galleries.php#L3648"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/responsive-lightbox/tags/2.5.3/includes/functions.php#L108"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3397940%40responsive-lightbox%2Ftrunk\u0026old=3358021%40responsive-lightbox%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://research.cleantalk.org/cve-2025-12359"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4c0bd6-f289-4a52-ac11-345076c32d84?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.