CNNVD-202510-2415 Information

CNNVD ID

CNNVD-202510-2415

Related CVE

CVE-2025-60279

• CNNVD Published: 2025-10-17

Description (Chinese)

ILLA Builder是ILLA Cloud开源的一个低代码平台。 ILLA Builder v4.8.5之前版本存在安全漏洞，该漏洞源于API允许发送任意请求，可能导致服务端请求伪造攻击。

Description (English)

ILLA Builder is a low-code platform for ILLA Cloud. The previous version of ILLA Builder v.4.8.5 had a security loophole, which stemmed from the fact that API allowed arbitrary requests to be sent, which could lead to a request for a false attack from the service.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ILLA Cloud

Published

2025-10-17

Last Modified

2026-02-24

References

https://github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-60279.pdf https://owasp.org/www-community/attacks/Server_Side_Request_Forgery https://access.redhat.com/security/cve/cve-2025-60279

Patch

https://github.com/illacloud/illa-builder/releases