Server-Side Request Forgery in NucleoidAI Nucleoid
CVE-2025-11864

6.9MEDIUM

Key Information:

Vendor

Nucleoidai

Status
Nucleoid
Vendor
CVE Published:
16 October 2025

What is CVE-2025-11864?

A vulnerability has been discovered in NucleoidAI Nucleoid versions up to 0.7.10 within the outbound request handler. The issue resides in the function 'extension.apply' located in /src/cluster.ts. This flaw allows an attacker to manipulate arguments related to remote server requests, leading to potential exploitation via server-side request forgery (SSRF). Such an attack can be executed remotely, posing a significant risk to server integrity and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Nucleoid 0.7.0

Nucleoid 0.7.1

Nucleoid 0.7.2

References

https://vuldb.com/?id.328809
vdb-entrytechnical-description
https://vuldb.com/?ctiid.328809
signaturepermissions-required
https://vuldb.com/?submit.669928
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lakshay12311 (VulDB User)
JSON
.