CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class (1540 CVEs)

1540 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI-generated Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a serious web security weakness in which an application lets a user specify a URL that the server then fetches without adequately checking where the request will go. Attackers typically exploit this by manipulating input parameters so that the server reaches resources that are unreachable from the outside, such as cloud instance metadata services or hosts and ports on the internal network. Because the request originates from the server, it bypasses perimeter defenses and can lead to sensitive data exposure, internal network reconnaissance, or unauthorized actions against internal services that trust the server. To mitigate SSRF, developers must validate the destination strictly: permit only allowlisted hosts and protocols, resolve the hostname and reject private, loopback, link-local and metadata addresses, and either disable redirects or re-validate every redirect target, since an allowlisted host can redirect to an internal one. Network-level controls complement this: egress filtering on the application server and isolation of internal services from public-facing components limit what a successful SSRF can reach.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
- Confidentiality: Read Application Data
- Integrity: Execute Unauthorized Code or Commands
- Access Control: Bypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.

Bad · PHP
$url = $_GET['url']; # User-controlled input
# Fetch the content of the provided URL
$response = file_get_contents($url);
echo $response;

Good · PHP
# Define allowed URLs (or domains)
$allowed_urls = [
    'https://example.com/data.json',
    'https://api.example.com/info',
];

# Get the user-provided URL
$url = $_GET['url'] ?? '';

# Validate against allowed URLs
if (!in_array($url, $allowed_urls)) {
    http_response_code(400);
    echo "Invalid or unauthorized URL.";
    exit;
}

# Fetch content safely
$response = @file_get_contents($url);
if ($response === false) {
    http_response_code(500);
    echo "Failed to fetch content.";
    exit;
}
echo htmlspecialchars($response); # Escape output for safety
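The mitigation guidance above and the MITRE "Good" example both stop at a string allowlist. That leaves two gaps a practitioner usually has to close as well: the allowlisted name may resolve to an internal address (DNS rebinding, or a misconfigured record), and the fetch may follow a redirect to one. The following is an added example, not code from MITRE or from any product on this page; it is written in Python rather than PHP so it can be run and checked offline. The scheme/host/port policy, the `FAKE_DNS` table and the hostnames in it are constructed for the demonstration; `system_resolver` is the real resolver you would use in production.

```python
"""Destination validation for server-side fetches (CWE-918).

Added example for this page, not MITRE's or any vendor's code. The policy
constants and the FAKE_DNS table are constructed for the demonstration.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical policy for one service: which schemes, hosts and ports it may reach.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"example.com", "api.example.com"}
ALLOWED_PORTS = {443}

# Cloud metadata endpoints, rejected explicitly on top of the generic range checks.
METADATA_ADDRS = {
    ipaddress.ip_address("169.254.169.254"),  # IMDS on AWS, GCP, Azure, OpenStack (IPv4)
    ipaddress.ip_address("fd00:ec2::254"),    # AWS IMDS (IPv6)
}


class SSRFError(ValueError):
    """Raised when a URL fails a destination check."""


def system_resolver(host):
    """Resolve a hostname to every A/AAAA record. Needs network access."""
    return [ipaddress.ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)]


def is_public_address(addr):
    """True only for globally routable unicast addresses.

    Unwraps IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply to it.
    """
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if addr in METADATA_ADDRS:
        return False
    # is_global already excludes RFC 1918, loopback, link-local, CGNAT,
    # documentation and reserved ranges; multicast is checked separately
    # because the stdlib does not treat 224/4 as non-global.
    return addr.is_global and not addr.is_multicast


def validate_outbound_url(url, resolver=system_resolver):
    """Check a user-supplied URL against the policy and its resolved addresses.

    Returns (host, port, addresses) so the caller can connect to one of the
    checked addresses instead of resolving again, closing the DNS-rebinding
    window between check and use. Raises SSRFError on any failure.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SSRFError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        # 'https://example.com@evil.com/' parses with host evil.com
        raise SSRFError("userinfo in URL is not allowed")
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in ALLOWED_HOSTS:
        raise SSRFError(f"host not allowlisted: {host!r}")
    try:
        port = parts.port or 443
    except ValueError as exc:
        raise SSRFError(f"invalid port: {exc}") from None
    if port not in ALLOWED_PORTS:
        raise SSRFError(f"port not allowed: {port}")
    addresses = resolver(host)
    if not addresses:
        raise SSRFError(f"{host!r} did not resolve")
    for addr in addresses:
        if not is_public_address(addr):
            raise SSRFError(f"{host!r} resolves to non-public address {addr}")
    return host, port, addresses


def is_safe_target(url, resolver=system_resolver):
    """Boolean wrapper around validate_outbound_url."""
    try:
        validate_outbound_url(url, resolver=resolver)
    except SSRFError:
        return False
    return True


# Constructed DNS table for offline use. api.example.com is "rebound" to the
# metadata address to show why the string allowlist alone is not enough; the
# .test entries are probe cases for is_public_address.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "api.example.com": ["169.254.169.254"],
    "mapped.test": ["::ffff:127.0.0.1"],
    "multicast.test": ["224.0.0.1"],
}


def fake_resolver(host):
    return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host, [])]


if __name__ == "__main__":
    for candidate in [
        "https://example.com/data.json",
        "https://api.example.com/info",
        "https://example.com@127.0.0.1/",
        "http://example.com/",
        "https://example.com:8080/",
    ]:
        verdict = "ALLOW" if is_safe_target(candidate, fake_resolver) else "DENY"
        print(f"{verdict:5} {candidate}")
```

When the request is actually sent, connect to one of the returned addresses rather than letting the HTTP client resolve the name a second time, and disable automatic redirects (for `requests`, `allow_redirects=False`), validating each `Location` with the same function; otherwise an allowlisted host that answers with a 302 to `http://169.254.169.254/` defeats the check.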
Rows marked (AI) carry the site's AI-generated score and severity rather than a vendor or NVD value.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-11917 | WPeMatico RSS Feed Fetcher <= 2.8.11 - Authenticated (Subscriber+) Server-Side Request Forgery via wpematico_test_feed | WPeMatico RSS Feed Fetcher | 6.4 | Medium | 2025-11-05 |
| CVE-2025-62719 | LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality | LinkAce | 4.3 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-59837 | astro allows bypass of image proxy domain validation leading to SSRF and potential XSS | astro | 7.2 | High | 2025-10-28 |
| CVE-2025-36085 | Multiple Vulnerabilities in IBM Concert Software. | Concert | 5.4 | Medium | 2025-10-28 |
| CVE-2025-62988 | WordPress Slider Templates plugin <= 1.0.3 - Server Side Request Forgery (SSRF) vulnerability | Slider Templates | 4.9 | Medium | 2025-10-27 |
| CVE-2025-10861 | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | 7.5 | High | 2025-10-24 |
| CVE-2025-5350 | SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products | WSO2 Identity Server | 5.9 | Medium | 2025-10-24 |
| CVE-2025-12136 | Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint | Real Cookie Banner: GDPR & ePrivacy Cookie Consent | 6.8 | Medium | 2025-10-24 |
| CVE-2025-59503 | Azure Compute Resource Provider Elevation of Privilege Vulnerability | Azure Compute Resource Provider | 10.0 | Critical | 2025-10-23 |
| CVE-2025-10705 | MxChat – AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery | MxChat – AI Chatbot & Content Generation for WordPress | 5.3 | Medium | 2025-10-23 |
| CVE-2025-11128 | Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | 5.0 | Medium | 2025-10-23 |
| CVE-2025-62612 | FastGPT File Reading Node SSRF Vulnerability | FastGPT | 9.1 (AI) | Critical (AI) | 2025-10-22 |
| CVE-2025-49917 | WordPress Icegram Express Pro plugin <= 5.9.5 - Server Side Request Forgery (SSRF) vulnerability | Icegram Express Pro | 4.4 | Medium | 2025-10-22 |
| CVE-2025-49374 | WordPress Captcha.eu plugin <= 1.0.61 - Server Side Request Forgery (SSRF) vulnerability | Captcha.eu | 5.4 | Medium | 2025-10-22 |
| CVE-2025-62763 | Zimbra Collaboration code issue vulnerability | Collaboration | 5.0 | Medium | 2025-10-21 |
| CVE-2025-11536 | Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery | Element Pack – Widgets, Templates & Addons for Elementor | 5.0 | Medium | 2025-10-20 |
| CVE-2025-11361 | Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 6.4 | Medium | 2025-10-18 |
| CVE-2025-34282 | ThingsBoard < v4.2.1 SVG Image SSRF | ThingsBoard | 8.1 (AI) | High (AI) | 2025-10-17 |
| CVE-2025-62505 | SSRF in lobehub/lobe-chat with native web fetch module | lobe-chat | 3.0 | Low | 2025-10-17 |
| CVE-2025-11864 | NucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgery | Nucleoid | 7.3 | High | 2025-10-16 |
| CVE-2025-62427 | Server-Side Request Forgery (SSRF) in Angular SSR | angular-cli | 9.1 (AI) | Critical (AI) | 2025-10-16 |
| CVE-2025-10056 | Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery | Task Scheduler | 4.4 | Medium | 2025-10-15 |
| CVE-2025-11674 | PiExtract\|SOOP-CLM - Server-Side Request Forgery | SOOP-CLM | 6.8 | Medium | 2025-10-13 |
| CVE-2025-11648 | Tomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery | Furbo 360 | 5.6 | Medium | 2025-10-12 |
| CVE-2025-11636 | Tomofun Furbo 360 Account server-side request forgery | Furbo 360 | 5.6 | Medium | 2025-10-12 |
| CVE-2025-31993 | HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF) | Unica Centralized Offer Management | 3.5 | Low | 2025-10-12 |
| CVE-2025-9975 | WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery | WP Scraper | 6.8 | Medium | 2025-10-11 |
| CVE-2025-59146 | New API has Authenticated Server-Side Request Forgery (SSRF) issue | new-api | 8.5 | High | 2025-10-09 |
| CVE-2025-9868 | Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin | Nexus Repository | 7.5 (AI) | High (AI) | 2025-10-08 |
| CVE-2025-6242 | Vllm: server side request forgery (ssrf) in mediaconnector | Red Hat AI Inference Server | 7.1 | High | 2025-10-07 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.