SSRF Vulnerability in KUNO CMS Media Module
CVE-2025-61768

5.1MEDIUM

Key Information:

Vendor

Xuemian168

Status
Kuno
Vendor
CVE Published:
6 October 2025

What is CVE-2025-61768?

A vulnerability in the Media module of KUNO CMS allows an authenticated administrator to upload a malicious SVG file. This file can contain an external image reference that prompts the server to make unintended outgoing connections to external URLs. Such actions can lead to unauthorized information disclosure and potential probing of internal networks. A patch has been released in version 1.3.15 to mitigate this risk.

Affected Version(s)

kuno < 1.3.15

References

https://github.com/xuemian168/kuno/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/xuemian168/kuno/commit/804b2909c65b16a...
x_refsource_MISC
https://github.com/xuemian168/kuno/releases/tag/v1.3.15
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-61768 : SSRF Vulnerability in KUNO CMS Media Module