Unauthenticated SSRF Vulnerability in Manager Accounting Software by Manager-io
CVE-2025-54122

10CRITICAL

Key Information:

Vendor: Manager-io
Status: Manager
Vendor: CVE Published:; 21 July 2025

What is CVE-2025-54122?

A serious vulnerability in Manager accounting software allows unauthenticated attackers to exploit the proxy handler component. This Server-Side Request Forgery (SSRF) issue affects both the Desktop and Server editions up to version 25.7.18.2519, permitting threat actors to bypass network isolation and restrictions. An attacker can gain unauthorized access to internal services and cloud metadata endpoints, posing a significant risk of data exfiltration. This vulnerability has been addressed in version 25.7.21.2525.

Affected Version(s)

Manager < 25.7.21.2525

References

https://github.com/Manager-io/Manager/security/advisories...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Jul 16, 2025