Server-Side Request Forgery Vulnerability in Intera InHire by Intera Group
CVE-2025-6142

5.3MEDIUM

Key Information:

Vendor

Intera

Status
Inhire
Vendor
CVE Published:
16 June 2025

What is CVE-2025-6142?

A vulnerability exists in Intera InHire versions up to 20250530, where improper handling of an argument allows remote attackers to execute server-side request forgery (SSRF) attacks. This flaw can be exploited through manipulated HTTP requests, potentially leading to unauthorized access to sensitive internal resources. Despite early notification to the vendor regarding the vulnerability, there has been no response or resolution provided. This lack of communication raises concerns about the security measures in place and the urgency for users to address the risk.

Affected Version(s)

InHire 20250530

References

https://vuldb.com/?id.312613
vdb-entrytechnical-description
https://vuldb.com/?ctiid.312613
signaturepermissions-required
https://vuldb.com/?submit.587665
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Samuel Jesus (VulDB User)
JSON
.