← Zuruck zu CVEs
CVE-2025-9821
LOW2.7
Beschreibung
SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ for more potential impact. Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF and its fix.
CVE Details
CVSS v3.1 Bewertung2.7
SchweregradLOW
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht9/3/2025
Zuletzt geandert9/4/2025
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-918
Referenzen
https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69(security@mautic.org)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.