CVE-2025-25785
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk32th percentile - higher than 32% of all known CVEs
Summary
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability in the component \c\PluginsController.php. This allows attackers to perform intranet scanning via a crafted request.
Risk Assessment
An attacker can exploit this vulnerability to map internal network infrastructure, potentially leading to further attacks on internal systems.
Recommendation
Update JizhiCMS to the latest version and implement validation and filtering mechanisms for outgoing requests to prevent unauthorized connections.
Original NVD description (English source)
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.

