Server-Side Request Forgery in PerfreeBlog by Perfree
CVE-2025-60319

6.5 MEDIUM

Key Information:

Vendor: Perfree
CVE Published: 30 October 2025

What is CVE-2025-60319?

PerfreeBlog version 4.0.11 is vulnerable to Server-Side Request Forgery (SSRF) because the uploadAttachByUrl API endpoint in AttachController.java lacks proper authorization verification. An attacker can manipulate the requests the server sends, potentially leading to unintended information exposure or access to internal resources.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved