Server-Side Request Forgery Vulnerability in Mirweiye Seven Bears Library CMS 2023
CVE-2025-3691

5.3MEDIUM

Key Information:

Vendor: Mirweiye
Status: Seven Bears Library CMS
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-3691?

A security flaw exists in the Mirweiye Seven Bears Library CMS 2023, specifically in an unknown function of the Add Link Handler component. This imperfection allows for server-side request forgery (SSRF), which enables potential attackers to manipulate the server into making unauthorized requests. The vulnerability can be exploited remotely and has been made publicly known, making it crucial for users to assess their systems for possible exposure.

References

https://github.com/KKDT12138/CVE/blob/main/cve2.pdf

https://vuldb.com/?ctiid.304980

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025

JSON