CVE Catalog

CVE-2025-25785

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability in the component \c\PluginsController.php. This allows attackers to perform intranet scanning via a crafted request.

Risk Assessment

An attacker can exploit this vulnerability to map internal network infrastructure, potentially leading to further attacks on internal systems.

Recommendation

Update JizhiCMS to the latest version and implement validation and filtering mechanisms for outgoing requests to prevent unauthorized connections.

Original NVD description (English source)

JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS