Critical Vulnerability Information

Advisory ID: SYSS-2025-035
Product: URVE Web Manager
Manufacturer: Evoe
Affected Version(s): 27.02.2025
Tested Version(s): 27.02.2025
Vulnerability Type: Server-Side Request Forgery (CWE-918)
Solution Status: Fixed
CVE Reference: CVE-2025-36845

Vulnerability Overview

URVE Web Manager is the management web application for Evoe's Smart Office suite. Due to backend endpoints being exposed to unauthenticated users, the application is vulnerable to Server-Side Request Forgery (SSRF) attacks.

Vulnerability Details

The endpoint allows SSRF. This endpoint accepts a URL as input, sends a request to that address, and reflects the content in the response.

Proof of Concept (PoC)

The following HTTP GET request demonstrates an SSRF attack using the endpoint:

Solution

Block all external requests to any endpoints under . Update to the latest version.

Disclosure Timeline

2025-04-01: Vulnerability discovered
2025-04-05: Vulnerability reported to manufacturer
2025-06-02: Manufacturer released patch
2025-07-17: Public disclosure

References

[1] URVE Smart Office product website: https://smartoffice.expert/en/
[2] SySS Security Advisory SYSS-2025-035: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-035.txt
[3] SySS Responsible Disclosure Policy: https://www.syss.de/en/responsible-disclosure-policy

Acknowledgments

This security vulnerability was discovered by Stefan Krause of SySS GmbH.
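The vulnerable pattern above is a server-side fetcher that takes a caller-supplied URL and relays the response. Beyond restricting who may reach the endpoint, a fetcher of this kind needs target validation. The following is an added example written for this advisory (not code from URVE Web Manager or Evoe) of a validator that rejects non-http(s) schemes, embedded credentials, non-standard ports and any hostname that resolves to a loopback, private, link-local or otherwise non-public address; the resolver is injectable so the check can be exercised without DNS, and the hostnames used are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Policy for an outbound fetcher: plain web traffic to public hosts only.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def is_public_ip(ip: str) -> bool:
    """True only for globally routable unicast addresses. is_global is False
    for loopback, RFC 1918, link-local, CGNAT, documentation and unspecified
    ranges; multicast is excluded separately."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def default_resolver(host: str) -> list:
    """Resolve every A/AAAA record. The fetcher must connect to one of the
    addresses returned here rather than re-resolving the name, otherwise a
    DNS answer that changes between check and use bypasses the validation."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_fetch_target(url: str, resolver=default_resolver):
    """Return (ok, reason, resolved_ips) for a caller-supplied URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}", []
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {scheme!r}", []
    if not parts.hostname:
        return False, "missing host", []
    if parts.username or parts.password:
        return False, "credentials in URL not allowed", []
    port = port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}", []
    host = parts.hostname  # lowercased; IPv6 brackets already stripped
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal address in URL
    except ValueError:
        try:
            ips = resolver(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}", []
    if not ips:
        return False, "host resolved to nothing", []
    for ip in ips:  # every answer must be public, not just the first one
        if not is_public_ip(ip):
            return False, f"non-public address: {ip}", ips
    return True, "ok", ips
```

Rejecting a single non-public record among several is deliberate: a name with mixed public and internal answers must fail closed.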