cve/CVE-2025-9821.md at b99156590a6b0c1cf0b374aa41887d37143570c8 - cve - 临风笛

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.3 KiB

Raw Blame History

CVE-2025-9821

Description

SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosedDetailsWhen sending webhooks, the destination is not validated, causing SSRF.ImpactBypass of firewalls to interact with internal services.See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ for more potential impact.Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF and its fix.

POC

Reference

No PoCs from references.

Github

https://github.com/fkie-cad/nvd-json-data-feeds