SSRF Vulnerability in PublicCMS Affects Sanluan's Versions
CVE-2025-65836

9.1CRITICAL

Key Information:

Vendor: Sanluan
Status: PublicCMS
Vendor: CVE Published:; 1 December 2025

What is CVE-2025-65836?

A Server-Side Request Forgery (SSRF) vulnerability has been identified in PublicCMS version V5.202506.b, specifically within the chat interface of the SimpleAiAdminController. This security flaw allows attackers to send crafted requests from the server, which could lead to unauthorized actions or access sensitive resources. Users and administrators should urgently assess their systems and apply necessary patches to mitigate associated risks.

References

https://github.com/sanluan/PublicCMS

https://github.com/Hyperkopite/PublicCMS_Vulns/blob/main/...

https://github.com/sanluan/PublicCMS/issues/99

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 1, 2025
Vulnerability Reserved
Nov 18, 2025

JSON