What the vulnerability does
01Description
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.
CVSS base score
7.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Key dates
02Disclosure timeline
August 20, 2025
CVE published
August 20, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
CVE-2026-26138 Microsoft Purview Elevation of Privilege Vulnerability
CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio
CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs
CVE-2026-7146 AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery
