CNNVD-202506-2979 Information

CNNVD ID

CNNVD-202506-2979

Related CVE

CVE-2025-6517

• CNNVD Published: 2025-06-23

Description (Chinese)

Dromara MaxKey是Dromara开源的一款IAM-IDaas身份管理和认证产品。 Dromara MaxKey 4.1.7及之前版本存在代码问题漏洞，该漏洞源于参数post的错误操作，导致服务端请求伪造。

Description (English)

Droma MaxKey is an IAM-IDAS identity management and authentication product from Droma Open Source. Dromara MaxKey 4.1.7 and earlier versions had a code problem loophole, which stemmed from the faulty operation of the parameter post, which led the service to request forgery.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

dromara

Published

2025-06-23

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.313637 https://vuldb.com/?id.313637 https://github.com/honorseclab/vulns/blob/main/dromara_MaxKey/SSRF.md#vulnerability-verification https://vuldb.com/?submit.593111 https://access.redhat.com/security/cve/cve-2025-6517