cnvd - cnvd-2025-21412

CNVD-2025-21412

Vulnerability from cnvd - Published: 2025-09-17

Title

西安众邦网络科技有限公司CRMEB服务端请求伪造漏洞

Description

CRMEB是一个Java商城系统。 CRMEB 5.6.1及之前版本存在服务端请求伪造漏洞，该漏洞源于文件app/services/out/OutAccountServices.php中参数push_token_url未实现足够的验证机制来确认请求的来源，攻击者可利用该漏洞探测服务器内网资源。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://github.com/August829/Yu/blob/main/58ead8e7e08bfb015.md

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-10391

Impacted products

Name
西安众邦网络科技有限公司 crmeb <=5.6.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-10391",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-10391"
    }
  },
  "description": "CRMEB\u662f\u4e00\u4e2aJava\u5546\u57ce\u7cfb\u7edf\u3002\n\nCRMEB 5.6.1\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6app/services/out/OutAccountServices.php\u4e2d\u53c2\u6570push_token_url\u672a\u5b9e\u73b0\u8db3\u591f\u7684\u9a8c\u8bc1\u673a\u5236\u6765\u786e\u8ba4\u8bf7\u6c42\u7684\u6765\u6e90\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a2\u6d4b\u670d\u52a1\u5668\u5185\u7f51\u8d44\u6e90\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/August829/Yu/blob/main/58ead8e7e08bfb015.md",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-21412",
  "openTime": "2025-09-17",
  "products": {
    "product": "\u897f\u5b89\u4f17\u90a6\u7f51\u7edc\u79d1\u6280\u6709\u9650\u516c\u53f8 crmeb \u003c=5.6.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-10391",
  "serverity": "\u4e2d",
  "submitTime": "2025-09-16",
  "title": "\u897f\u5b89\u4f17\u90a6\u7f51\u7edc\u79d1\u6280\u6709\u9650\u516c\u53f8CRMEB\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2025-10391 (GCVE-0-2025-10391)

Vulnerability from cvelistv5 – Published: 2025-09-14 05:02 – Updated: 2025-09-15 13:31

Title

CRMEB OutAccountServices.php testOutUrl server-side request forgery

Summary

A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

CWE

CWE-918 - Server-Side Request Forgery

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.323826	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.323826	signaturepermissions-required
	https://vuldb.com/?submit.644582	third-party-advisory
	https://github.com/August829/Yu/blob/main/58ead8e…	exploit

Impacted products

	Vendor	Product	Version
	n/a	CRMEB	Affected: 5.6.0 Affected: 5.6.1

Credits

Yu Bao (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10391",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-15T13:29:42.877726Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-15T13:31:48.622Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CRMEB",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "5.6.0"
            },
            {
              "status": "affected",
              "version": "5.6.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yu Bao (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In CRMEB bis 5.6.1 wurde eine Schwachstelle gefunden. Hiervon betroffen ist die Funktion testOutUrl der Datei app/services/out/OutAccountServices.php. Mittels Manipulieren des Arguments push_token_url mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-14T05:02:06.676Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-323826 | CRMEB OutAccountServices.php testOutUrl server-side request forgery",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.323826"
        },
        {
          "name": "VDB-323826 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.323826"
        },
        {
          "name": "Submit #644582 | crmeb CRMEB-KY v5.6.1 SSRF",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.644582"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb015.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-13T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-13T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-13T11:51:07.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "CRMEB OutAccountServices.php testOutUrl server-side request forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-10391",
    "datePublished": "2025-09-14T05:02:06.676Z",
    "dateReserved": "2025-09-13T09:45:58.759Z",
    "dateUpdated": "2025-09-15T13:31:48.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-21412

CVE-2025-10391 (GCVE-0-2025-10391)

Tags

Sightings

Nomenclature