Server-Side Request Forgery in Magicblack MacCMS by Magicblack
CVE-2025-10395

5.1MEDIUM

Key Information:

Vendor

Magicblack

Status
Maccms
Vendor
CVE Published:
14 September 2025

What is CVE-2025-10395?

A vulnerability exists in the Magicblack MacCMS that allows for server-side request forgery through manipulation of the 'cjurl' argument in the Scheduled Task Handler component. This flaw could enable attackers to initiate remote attacks, leading to unauthorized access to internal resources. Users should take immediate precautions to secure their systems against this threat.

Affected Version(s)

MacCMS 2025.1000.4050

References

https://vuldb.com/?id.323830
vdb-entrytechnical-description
https://vuldb.com/?ctiid.323830
signaturepermissions-required
https://vuldb.com/?submit.645798
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao (VulDB User)
.
CVE-2025-10395 : Server-Side Request Forgery in Magicblack MacCMS by Magicblack