CVE Catalog

CVE-2025-60898

MediumCVSS 5.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile - higher than 18% of all known CVEs

Summary

An unauthenticated server-side request forgery (SSRF) vulnerability exists in the Thumbnail via-uri endpoint of Halo CMS 2.21. A remote attacker can force the server to make HTTP requests to attacker-controlled URLs, including internal network addresses.

Risk Assessment

An attacker can exploit this vulnerability to scan the internal network, access internal resources, or launch attacks against other systems, potentially leading to data leakage or infrastructure compromise.

Recommendation

Upgrade Halo CMS to the latest patched version immediately. As a temporary measure, restrict access to the Thumbnail via-uri endpoint using firewall rules or access control lists.

Original NVD description (English source)

An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a user-supplied URI without adequate allow/blocklist validation and returns a 307 redirect that can disclose internal URLs in the Location header.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS