CVE-2025-10393 MEDIUM

CVE-2025-10393: miurla morphic HTTP Status Code 3xx advanced-search fetchHtml server-side request forgery

Vendor Miurla
Product morphic
Weakness CWE-918 · SSRF
Published September 14, 2025
Last update September 15, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Key dates

02Disclosure timeline

September 14, 2025 CVE published
September 15, 2025 Record updated