漏洞关键信息 CVE ID: CVE-2025-14116 Vulnerability Type: Server-Side Request Forgery (SSRF) CVSS Meta Temp Score: 4.2 Current Exploit Price: $0-$5k CTI Interest Score: 3.97 Summary Affected Software: xerrors Yuxi-Know up to 0.4.0 Affected Function: otherEmbedding.aencode Affected File: /src/models/embed.py Vulnerable Parameter: health_url Impact: Server-Side Request Forgery Attack Vector: Remote Exploit Status: Present Details Vulnerability Description: Manipulating the parameter with unknown input leads to SSRF. CWE Classification: CWE-918 Consequences: Affects confidentiality, integrity, and availability. Vendor Response: Provided security measures (e.g., disabled URL parsing, disabled URL upload mode).