Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2025-55151 Stirling-PDF SSRF vulnerability on /api/v1/convert/file/pdf — Stirling-PDF 8.6 High2025-08-11
CVE-2025-25235 Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability — Secure Email Gateway 8.6 High2025-08-11
CVE-2025-8772 Vinades NukeViet Module index.php server-side request forgery — NukeViet 4.3 Medium2025-08-09
CVE-2025-4655 Liferay Portal和Liferay DXP 代码问题漏洞 — Portal 9.1 -2025-08-09
CVE-2025-4581 Liferay Portal和Liferay DXP 代码问题漏洞 — Portal 9.1 -2025-08-09
CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability — Azure Open AI 10.0 Critical2025-08-07
CVE-2025-8529 cloudfavorites favorites-web CollectController.java getCollectLogoUrl server-side request forgery — favorites-web 6.3 Medium2025-08-04
CVE-2025-8527 Exrick xboot Swagger SecurityController.java server-side request forgery — xboot 6.3 Medium2025-08-04
CVE-2025-8520 givanz Vvveb Drag-and-Drop Editor editor server-side request forgery — Vvveb 4.7 Medium2025-08-04
CVE-2025-8341 SSRF in Infinity Datasource Plugin — grafana-infinity-datasource 5.0 Medium2025-08-04
CVE-2025-54132 Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch — cursor 4.4 Medium2025-08-01
CVE-2025-54590 webfinger.js is vulnerable to Blind SSRF attacks through localhost — webfinger.js 8.2 -2025-08-01
CVE-2025-52567 GLPI has overly permissive URL verification — glpi 3.5 Low2025-07-30
CVE-2025-54381 BentoML is Vulnerable to an SSRF Attack Through File Upload Processing — BentoML 9.9 Critical2025-07-29
CVE-2025-24485 MedDream PACS Premium 代码问题漏洞 — MedDream PACS Premium 5.8 Medium2025-07-28
CVE-2025-8267 SSRF Check 安全漏洞 — ssrfcheck 8.2 High2025-07-28
CVE-2025-8228 yanyutao0402 ChanCMS getPages server-side request forgery — ChanCMS 6.3 Medium2025-07-27
CVE-2025-52455 Salesforce Tableau 安全漏洞 — Tableau Server 5.4 -2025-07-25
CVE-2025-52454 Salesforce Tableau Server 安全漏洞 — Tableau Server 6.5 -2025-07-25
CVE-2025-52453 Salesforce Tableau 安全漏洞 — Tableau Server 4.3 -2025-07-25
CVE-2025-8133 yanyutao0402 ChanCMS gather.js getArticle server-side request forgery — ChanCMS 6.3 Medium2025-07-25
CVE-2025-8020 private-ip 安全漏洞 — private-ip 8.2 High2025-07-23
CVE-2025-5818 Featured Image Plus – Quick & Bulk Edit with Unsplash <= 1.6.6 - Authenticated (Admin+) Server-Side Request Forgery — Featured Image Plus – Bulk Edit Featured Images, Unsplash & Alt Text Manager 5.5 Medium2025-07-23
CVE-2025-54122 Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint — Manager 10.0 Critical2025-07-21
CVE-2025-46385 Emby Windows 代码问题漏洞 — Windows 8.6 High2025-07-20
CVE-2025-7787 Xuxueli xxl-job SampleXxlJob.java httpJobHandler server-side request forgery — xxl-job 6.3 Medium2025-07-18
CVE-2025-7759 thinkgem JeeSite UEditor Image Grabber ActionEnter.java server-side request forgery — JeeSite 6.3 Medium2025-07-17
CVE-2025-20288 Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability — Cisco Unified Contact Center Express 5.8 Medium2025-07-16
CVE-2024-9408 Eclipse GlassFish 代码问题漏洞 — Eclipse Glassfish 9.8 -2025-07-16
CVE-2025-48294 WordPress FG Drupal to WordPress plugin <= 3.90.0 - Server Side Request Forgery (SSRF) Vulnerability — FG Drupal to WordPress 4.4 Medium2025-07-16

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.