Server-Side Request Forgery in JizhiCMS 2.5.4 by Jizhi Technology
CVE-2025-25785

9.1CRITICAL

Key Information:

Vendor

Jizhi Technology

Status
JizhiCMS
Vendor
CVE Published:
26 February 2025

What is CVE-2025-25785?

JizhiCMS version 2.5.4 is vulnerable to a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php, enabling attackers to exploit the vulnerability to perform unauthorized intranet scanning through specially crafted requests. This flaw can potentially expose sensitive information and disrupt internal services.

References

http://jizhicms.com
https://www.jizhicms.cn/

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.