ГлавнаяУязвимости → CVE-2025-36845
8.6высокая

CVE-2025-36845

Описание

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.

Затрагиваемое ПО
Eveo Urve web manager
CVSS
Балл8.6 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Источники
https://smartoffice.expert/enhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-035.txt