Unauthorized Network Access Vulnerability in OpenSupports by Fluidattacks
CVE-2025-10695

6.9 MEDIUM

Key Information:

Vendor
CVE Published: 3 October 2025

What is CVE-2025-10695?

OpenSupports versions prior to 4.11.0 are susceptible to a server-side request forgery (SSRF) vulnerability. The issue arises from two diagnostic endpoints that let unauthorized actors make the server establish arbitrary outbound network connections to any attacker-defined destination. Because the endpoints have their permission set to 'any', they expose internal services and enable potential internal network scanning, which can lead to exposure of sensitive data and services. Users of affected versions should review and implement the necessary security measures to mitigate this risk.

Affected Version(s)

OpenSupports Windows 4.11.0

References

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
