CVE Catalog

CVE-2025-51058

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile - higher than 35% of all known CVEs

Summary

An SSRF vulnerability in Vedo Suite 2024.17 allows authenticated attackers to send HTTP requests to arbitrary external paths via the "file" parameter in the /api_vedo/video/preview endpoint.

Risk Assessment

An attacker could exploit this to scan internal networks, access sensitive resources, or launch attacks on other systems, potentially leading to data leakage or infrastructure compromise.

Recommendation

Immediately update Vedo Suite to the latest patched version and restrict access to the /api_vedo/video/preview endpoint to trusted users only.

Original NVD description (English source)

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS