Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode — hackmd-mcp 9.1AICriticalAI2025-09-15
CVE-2025-10471 ZKEACMS MediaController.cs Proxy server-side request forgery — ZKEACMS 6.3 Medium2025-09-15
CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter — dataease 9.8AICriticalAI2025-09-15
CVE-2025-10453 PilotGaea Technologies|O'View MapServer - Server-Side Request Forgery — O'View MapServer 5.3 Medium2025-09-15
CVE-2025-10410 SourceCodester Link Status Checker index.php server-side request forgery — Link Status Checker 6.3 Medium2025-09-14
CVE-2025-10397 Magicblack MacCMS API server-side request forgery — MacCMS 4.7 Medium2025-09-14
CVE-2025-10395 Magicblack MacCMS Scheduled Task col_url server-side request forgery — MacCMS 4.7 Medium2025-09-14
CVE-2025-10393 miurla morphic HTTP Status Code 3xx advanced-search fetchHtml server-side request forgery — morphic 6.3 Medium2025-09-14
CVE-2025-10391 CRMEB OutAccountServices.php testOutUrl server-side request forgery — CRMEB 6.3 Medium2025-09-14
CVE-2025-10329 cdevroe unmark Marks.php server-side request forgery — unmark 6.3 Medium2025-09-12
CVE-2025-6454 Server-Side Request Forgery (SSRF) in GitLab — GitLab 8.5 High2025-09-12
CVE-2025-59055 InstantCMS vulnerable to Server-Side Request Forgery via package installer — icms2 4.7 Medium2025-09-11
CVE-2025-10211 yanyutao0402 ChanCMS getArticle CollectController server-side request forgery — ChanCMS 6.3 Medium2025-09-10
CVE-2025-7843 Auto Save Remote Images (Drafts) <= 1.0.9 - Authenticated (Contributor+) Server-Side Request Forgery — Auto Save Remote Images (Drafts) 6.4 Medium2025-09-10
CVE-2025-9269 Server-Side Request Forgery (SSRF) vulnerability found in embedded web server — CX, XC, CS, MS, MX, XM, et. al. 7.5AIHighAI2025-09-09
CVE-2025-54249 Adobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918) — Adobe Experience Manager 6.5 Medium2025-09-09
CVE-2025-58977 WordPress WP eBay Product Feeds Plugin <= 3.4.8 - Server Side Request Forgery (SSRF) Vulnerability — WP eBay Product Feeds 4.9 Medium2025-09-09
CVE-2025-5005 Shanghai Lingdang Information Technology Lingdang CRM index_event.php server-side request forgery — Lingdang CRM 7.3 High2025-09-09
CVE-2025-49430 WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability — Ultimate Video Player 7.2 High2025-09-09
CVE-2025-47437 WordPress LiteSpeed Cache plugin <= 7.0.1 - Server Side Request Forgery (SSRF) vulnerability — LiteSpeed Cache 6.4 Medium2025-09-09
CVE-2025-55139 Ivanti多款产品 代码问题漏洞 — Connect Secure 6.8 Medium2025-09-09
CVE-2025-43763 Liferay Portal和Liferay DXP 代码问题漏洞 — Portal 9.1AICriticalAI2025-09-08
CVE-2025-10096 SimStudioAI sim route.ts server-side request forgery — sim 6.3 Medium2025-09-08
CVE-2025-58829 WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin <= 2.3.3 - Server Side Request Forgery (SSRF) vulnerability — Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 4.9 Medium2025-09-05
CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint — astro 7.2 High2025-09-04
CVE-2025-58641 WordPress Exit Intent Popup Plugin <= 1.0.1 - Server Side Request Forgery (SSRF) Vulnerability — Exit Intent Popup 5.4 Medium2025-09-03
CVE-2025-58615 WordPress WP Bannerize Pro Plugin <= 1.10.0 - Server Side Request Forgery (SSRF) Vulnerability — WP Bannerize Pro 4.4 Medium2025-09-03
CVE-2025-9821 SSRF via webhook function — Mautic 2.7 Low2025-09-03
CVE-2025-9805 SimStudioAI sim route.ts server-side request forgery — sim 6.3 Medium2025-09-02
CVE-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery — Langfuse 5.0 Medium2025-09-01

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.