Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2025-67743 Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service — local-deep-research 6.3 Medium2025-12-23
CVE-2021-47715 Hasura GraphQL 1.3.3 Server-Side Request Forgery via Remote Schema Injection — Hasura GraphQL 5.3 Medium2025-12-22
CVE-2025-68477 Langflow vulnerable to Server-Side Request Forgery — langflow 7.7 High2025-12-19
CVE-2025-13999 HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery — HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 7.2 High2025-12-19
CVE-2025-64663 Custom Question Answering Elevation of Privilege Vulnerability — Azure Cognitive Service for Language 9.9 Critical2025-12-18
CVE-2025-14277 Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery — Prime Slider – Addons for Elementor 4.3 Medium2025-12-18
CVE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter — parse-server 9.1AICriticalAI2025-12-16
CVE-2023-53899 PodcastGenerator 3.2.9 Blind Server-Side Request Forgery via XML Injection — Unknown 9.8 Critical2025-12-16
CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism — Red Hat OpenShift Container Platform 4 6.4 Medium2025-12-16
CVE-2025-67989 WordPress Kerge theme <= 4.1.3 - Server Side Request Forgery (SSRF) vulnerability — Kerge 5.4 Medium2025-12-16
CVE-2023-53893 Ateme TITAN File 3.9 Authenticated Server-Side Request Forgery Vulnerability — TITAN 4.3AIMediumAI2025-12-15
CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager — Kubernetes 5.8 Medium2025-12-14
CVE-2025-11970 Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated <= 1.0.9 - Authenticated (Admin+) Server-Side Request Forgery — Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated 4.4 Medium2025-12-13
CVE-2025-14518 PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery — PowerJob 6.3 Medium2025-12-11
CVE-2025-14516 Yalantis uCrop URL com.yalantis.ucrop.task.BitmapLoadTask.java downloadFile server-side request forgery — uCrop 6.3 Medium2025-12-11
CVE-2025-11467 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator 5.8 Medium2025-12-11
CVE-2020-36884 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF — BrightSign Digital Signage Diagnostic Web Server 5.3AIMediumAI2025-12-10
CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login — zitadel 9.3 Critical2025-12-09
CVE-2021-47703 OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php — OpenBMCS 6.5AIMediumAI2025-12-09
CVE-2025-63010 WordPress Hercules Core plugin <= 7.4 - Server Side Request Forgery (SSRF) vulnerability — Hercules Core 4.9 Medium2025-12-09
CVE-2025-12832 IBM InfoSphere Information Server Server-Side Request Forgery — InfoSphere Information Server 4.6 Medium2025-12-08
CVE-2025-26487 Server Side Request Forgery (SSRF) in the web server of Infinera MTC-9 — MTC-9 8.6 High2025-12-08
CVE-2025-14116 xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery — Yuxi-Know 4.7 Medium2025-12-05
CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF — Apache HTTP Server 5.3 -2025-12-05
CVE-2025-65958 Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web — open-webui 8.5 High2025-12-04
CVE-2025-14008 dayrui XunRuiCMS Project Domain Change Test admin79f2ec220c7e.php server-side request forgery — XunRuiCMS 4.7 Medium2025-12-04
CVE-2025-14004 dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery — XunRuiCMS 4.7 Medium2025-12-04
CVE-2025-20388 Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise — Splunk Enterprise 2.7 Low2025-12-03
CVE-2025-13872 Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio — Opinio 9.1AICriticalAI2025-12-02
CVE-2025-66405 Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host — gateway 6.5AIMediumAI2025-12-01

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.