CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class (1540 CVEs)

1540 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI-generated Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
Confidentiality: Read Application Data
Integrity: Execute Unauthorized Code or Commands
Access Control: Bypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.

Bad · PHP
```php
$url = $_GET['url']; # User-controlled input
# Fetch the content of the provided URL
$response = file_get_contents($url);
echo $response;
```

Good · PHP
```php
# Define allowed URLs (or domains)
$allowed_urls = [
    'https://example.com/data.json',
    'https://api.example.com/info',
];
# Get the user-provided URL
$url = $_GET['url'] ?? '';
# Validate against allowed URLs
if (!in_array($url, $allowed_urls)) {
    http_response_code(400);
    echo "Invalid or unauthorized URL.";
    exit;
}
# Fetch content safely
$response = @file_get_contents($url);
if ($response === false) {
    http_response_code(500);
    echo "Failed to fetch content.";
    exit;
}
echo htmlspecialchars($response); # Escape output for safety
```
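The exact-match allowlist above is the simplest safe form; the mitigation section also calls for restricting protocols and domains. As an added example (not code from this page or from MITRE), the same idea generalized in Python: allowlist the scheme and host, reject embedded credentials and odd ports, then resolve the host and refuse any address that is not globally routable (loopback, RFC 1918, link-local including the 169.254.169.254 metadata range, IPv4-mapped IPv6). `ALLOWED_HOSTS`, `ALLOWED_SCHEMES` and the injectable `resolver` are constructed assumptions for the demonstration.

```python
"""Hypothetical SSRF guard: allowlist scheme and host, then check that every
address the host resolves to is public before the server fetches it."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}                          # constructed allowlist
ALLOWED_HOSTS = {"example.com", "api.example.com"}   # constructed allowlist


def default_resolver(host):
    """Resolve host to a set of IP strings (A and AAAA) via the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_ip(ip_str):
    """True only for globally routable unicast addresses. Rejects loopback,
    private, link-local (incl. 169.254.169.254 cloud metadata), multicast,
    and unwraps IPv4-mapped IPv6 so ::ffff:127.0.0.1 is caught too."""
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def validate_outbound_url(url, resolver=default_resolver):
    """Return url if it is safe for the server to fetch, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {host!r}")
    if parts.port not in (None, 443):
        raise ValueError(f"port not allowed: {parts.port}")
    addrs = resolver(host)
    if not addrs:
        raise ValueError("host did not resolve")
    for addr in addrs:           # an allowlisted name may still point inward
        if not is_public_ip(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return url
```

Because the name is resolved here and again by the HTTP client, a host that changes its answer between the two lookups (DNS rebinding) can still slip through; connect to the address that was validated, or re-run `is_public_ip` inside the client's connection hook.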
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-27232 | Frontend arbitrary file read in oauth.authorize action | Zabbix | 4.9 (AI) | Medium (AI) | 2025-12-01
CVE-2025-13814 | moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery | Mogu Blog v2 | 7.3 | High | 2025-12-01
CVE-2025-13809 | orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery | orion-ops | 6.3 | Medium | 2025-12-01
CVE-2025-13796 | deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery | apps | 6.3 | Medium | 2025-11-30
CVE-2025-13789 | ZenTao model.php makeRequest server-side request forgery | ZenTao | 6.3 | Medium | 2025-11-30
CVE-2025-13378 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter | AI ChatBot with ChatGPT and Content Generator by AYS | 6.5 | Medium | 2025-11-27
CVE-2025-33203 | NVIDIA NeMo Agent ToolKit code issue vulnerability | NeMo Agent ToolKit | 7.6 | High | 2025-11-25
CVE-2025-62155 | QuantumNous New API Has SSRF Bypass | new-api | 8.5 | High | 2025-11-24
CVE-2025-13588 | lKinderBueno Streamity Xtream IPTV Player proxy.php server-side request forgery | Streamity Xtream IPTV Player | 6.3 | Medium | 2025-11-24
CVE-2025-12800 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery | WP Shortcodes Plugin — Shortcodes Ultimate | 6.4 | Medium | 2025-11-23
CVE-2025-62207 | Azure Monitor Elevation of Privilege Vulnerability | Azure Monitor Control Service | 8.6 | High | 2025-11-20
CVE-2025-13147 | External Service Interaction (DNS) | MOVEit Transfer | 5.3 | Medium | 2025-11-19
CVE-2025-12359 | Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery | Responsive Lightbox & Gallery | 5.4 | Medium | 2025-11-19
CVE-2025-12376 | Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery | Icon List Block – Add Icon-Based Lists with Custom Styles | 6.4 | Medium | 2025-11-18
CVE-2025-8084 | AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery | AI Engine – The Chatbot, AI Framework & MCP for WordPress | 6.8 | Medium | 2025-11-18
CVE-2025-11427 | WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery | WP Migrate Lite – Migration Made Easy | 5.8 | Medium | 2025-11-18
CVE-2025-12962 | Local Syndication <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode | Local Syndication | 6.4 | Medium | 2025-11-18
CVE-2025-13174 | rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery | WeRSS we-mp-rss | 6.3 | Medium | 2025-11-14
CVE-2025-64752 | grist-core has path to server-side requests via websocket | grist-core | 6.8 | Medium | 2025-11-13
CVE-2025-64709 | Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block | typebot.io | 9.6 | Critical | 2025-11-13
CVE-2025-64525 | Astro: URL manipulation via unsanitized headers leads to path-based middleware protections bypass, potential SSRF/cache-poisoning, CVE-2025-61925 bypass | astro | 6.5 | Medium | 2025-11-13
CVE-2025-64511 | MaxKB has SSRF in sandbox | MaxKB | 7.4 | High | 2025-11-13
CVE-2025-59088 | Python-kdcproxy: unauthenticated ssrf via realm-controlled dns srv | kdcproxy | 8.6 | High | 2025-11-12
CVE-2025-64522 | Soft Serve is vulnerable to SSRF through its Webhooks | soft-serve | 9.1 | Critical | 2025-11-10
CVE-2025-64430 | Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format | parse-server | 7.5 | High | 2025-11-07
CVE-2025-64178 | Jellysweep uses uncontrolled data in image cache API endpoint | jellysweep | 6.5 | - | 2025-11-06
CVE-2025-64327 | ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint | ThinkDashboard | 5.3 | Medium | 2025-11-06
CVE-2025-12560 | Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url | Blog2Social: Social Media Auto Post & Scheduler | 4.3 | Medium | 2025-11-06
CVE-2025-64163 | DataEase's DB2 is vulnerable to SSRF | dataease | 10.0 | - | 2025-11-05
CVE-2025-12388 | B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery | Carousel Block – Responsive Image and Content Carousel | 6.4 | Medium | 2025-11-05

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.