Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2025-1220 Null byte termination in hostnames — PHP 3.7 Low2025-07-13
CVE-2025-53641 Postiz allows header mutation in middleware facilitates resulting in SSRF — postiz-app 8.2 High2025-07-11
CVE-2025-50125 Schneider Electric EcoStruxure IT Data Center Expert 代码问题漏洞 — EcoStruxure™ IT Data Center Expert 9.8AICriticalAI2025-07-11
CVE-2025-6851 Broken Link Notifier <= 1.3.0 - Unauthenticated Server-Side Request Forgery — Broken Link Notifier 7.2 High2025-07-11
CVE-2024-43394 Apache HTTP Server: SSRF on Windows due to UNC paths — Apache HTTP Server 7.5 -2025-07-10
CVE-2024-43204 Apache HTTP Server: SSRF with mod_headers setting Content-Type header — Apache HTTP Server 5.9AIMediumAI2025-07-10
CVE-2025-49545 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918) — ColdFusion 6.2 Medium2025-07-08
CVE-2025-0292 Ivanti Connect Secure和Ivanti Policy Secure 代码问题漏洞 — Connect Secure 5.5 Medium2025-07-08
CVE-2025-42965 Server Side Request Forgery(SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application — SAP BusinessObjects BI Platform Central Management Console Promotion Management Application 4.1 Medium2025-07-08
CVE-2025-53473 Nimesa Backup and Recovery 代码问题漏洞 — Nimesa Backup and Recovery 9.1AICriticalAI2025-07-07
CVE-2025-7103 BoyunCMS curl Index.php server-side request forgery — BoyunCMS 6.3 Medium2025-07-07
CVE-2025-49418 WordPress Allmart plugin <= 1.0.0 - Server Side Request Forgery (SSRF) Vulnerability — Allmart 7.2 High2025-07-04
CVE-2025-28963 WordPress URL Shortener plugin <= 3.0.7 - Server Side Request Forgery (SSRF) Vulnerability — URL Shortener 5.4 Medium2025-07-04
CVE-2025-6729 PayMaster for WooCommerce <= 0.4.31 - Authenticated (Subscriber+) Server-Side Request Forgery — PayMaster for WooCommerce 6.4 Medium2025-07-04
CVE-2025-5817 Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery — Amazon Products to WooCommerce 7.2 High2025-07-02
CVE-2025-34051 AVTECH DVR Devices Server-Side Request Forgery — DVR devices 9.1AICriticalAI2025-07-01
CVE-2025-52491 Akamai CloudTest 代码问题漏洞 — CloudTest 5.8 Medium2025-06-30
CVE-2025-53018 Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image URLs — Lychee 3.0 Low2025-06-27
CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery — bbs 6.3 Medium2025-06-27
CVE-2025-2940 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery — Ninja Tables – Easy Data Table Builder 7.2 High2025-06-27
CVE-2025-52477 Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow — app 8.6 High2025-06-26
CVE-2024-51981 Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc. — HL-L8260CDN 5.3 Medium2025-06-25
CVE-2024-51980 Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. — HL-L8260CDN 5.3 Medium2025-06-25
CVE-2025-49852 Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises — iDSecure On-premises 7.5 High2025-06-24
CVE-2025-2828 SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain — langchain-ai/langchain 7.5 -2025-06-23
CVE-2025-6517 Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery — MaxKey 6.3 Medium2025-06-23
CVE-2025-52967 MLflow 代码问题漏洞 — MLflow 5.8 Medium2025-06-23
CVE-2025-34021 Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery — Targa IP OCR-ANPR Camera 9.1AICriticalAI2025-06-20
CVE-2025-49983 WordPress WPThumb plugin <= 0.10 - Server Side Request Forgery (SSRF) Vulnerability — WPThumb 4.9 Medium2025-06-20
CVE-2025-49984 WordPress PowerPress Podcasting plugin <= 11.13.11 - Server Side Request Forgery (SSRF) Vulnerability — PowerPress Podcasting 4.9 Medium2025-06-20

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.