CVE-2025-61768 MEDIUM

CVE-2025-61768: Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload

Vendor Xuemian168
Product kuno
Weakness CWE-20 · Input validation
Published October 6, 2025
Last update October 7, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:N

What the vulnerability does

01 Description

KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external image reference, causing the server to initiate an outgoing connection to an arbitrary external URL. This can lead to information disclosure or internal network probing. Version 1.3.15 contains a fix for the issue.
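The mechanism described above (an uploaded SVG whose external image reference makes the server fetch a URL when it renders or inspects the file) is a general upload-validation problem, so the added example below shows a pre-storage check a defender can run on any SVG upload. It is example code written for this record, not Kuno's code and not the 1.3.15 fix; the sample SVG documents are constructed inline, and the hostnames in them are placeholders.

```python
"""Flag SVG uploads that reference remote resources before storing them.

Added example for CVE-2025-61768; not part of Kuno CMS or of its 1.3.15 fix.
Every SVG and hostname below is constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XLINK = "{http://www.w3.org/1999/xlink}"
# Attributes that can carry a fetchable reference on <image>, <use>, <feImage>,
# <script>, <a> and similar elements.
REF_ATTRS = ("href", XLINK + "href", "src")
# CSS url(...) tokens inside style attributes or <style> blocks.
URL_FUNC = re.compile(r"url\(\s*['\"]?([^'\")]+)", re.IGNORECASE)
REMOTE_SCHEMES = {"http", "https", "ftp", "file", "gopher"}


def _is_remote(ref):
    """True for anything that would make a renderer open a connection."""
    ref = ref.strip()
    if ref.startswith("//"):          # protocol-relative URL
        return True
    parts = urlsplit(ref)
    # '#fragment' and 'data:' references stay local and are allowed.
    return parts.scheme.lower() in REMOTE_SCHEMES or bool(parts.netloc)


def find_remote_refs(svg_bytes):
    """Return a list of (tag, attribute, value) for every remote reference found.

    An empty list means no remote reference was detected."""
    findings = []
    text = svg_bytes.decode("utf-8", errors="replace")
    # DTDs and entity declarations are never needed for an uploaded image and can
    # themselves trigger fetches in some parsers; reject (or strip) them up front.
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.IGNORECASE):
        findings.append(("DOCTYPE", "", "DTD or entity declaration present"))
    if re.search(r"<\?xml-stylesheet", text, re.IGNORECASE):
        findings.append(("xml-stylesheet", "href", "external stylesheet PI"))
    if findings:
        return findings            # do not hand a DTD to the parser at all
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [("parse", "", str(exc))]   # malformed input is rejected too
    for el in root.iter():
        tag = el.tag.split("}")[-1]         # drop the namespace prefix
        for attr, value in el.attrib.items():
            if attr in REF_ATTRS and _is_remote(value):
                findings.append((tag, attr.split("}")[-1], value))
            elif attr == "style":
                for m in URL_FUNC.finditer(value):
                    if _is_remote(m.group(1)):
                        findings.append((tag, "style", m.group(1)))
        if tag == "style" and el.text:
            for m in URL_FUNC.finditer(el.text):
                if _is_remote(m.group(1)):
                    findings.append((tag, "css", m.group(1)))
    return findings


def svg_is_safe_to_store(svg_bytes):
    """Accept only SVGs with no remote references."""
    return not find_remote_refs(svg_bytes)


# Constructed samples: a benign icon and two documents with remote references.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<defs><circle id="a" cx="5" cy="5" r="4" fill="#0a0"/></defs>'
              b'<use href="#a"/></svg>')
REMOTE_IMAGE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
                    b'xmlns:xlink="http://www.w3.org/1999/xlink">'
                    b'<image xlink:href="http://example.invalid/probe.png" '
                    b'width="1" height="1"/></svg>')
REMOTE_CSS_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
                  b'<rect style="fill:url(//cdn.example.invalid/p.svg#g)"/></svg>')

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_SVG), ("image", REMOTE_IMAGE_SVG),
                      ("css", REMOTE_CSS_SVG)):
        print(name, "safe" if svg_is_safe_to_store(doc) else find_remote_refs(doc))
```

The check runs on the raw upload before anything renders or thumbnails it, which is where the fetch in this advisory originates. For production use the parse step should go through a hardened parser (for example defusedxml) rather than the standard library, and many pipelines choose to re-serialize a whitelist of elements instead of merely rejecting, since `href` is not the only channel (CSS `url()` and processing instructions are covered here for that reason).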

Key dates

02 Disclosure timeline

October 6, 2025 CVE published
October 7, 2025 Record updated