CNNVD-202510-2468 Information
CNNVD ID
CNNVD-202510-2468
Related CVE
- CNNVD Published: 2025-10-17
Description (Chinese)
ThingsBoard是ThingsBoard团队的一个基于Java用于IOT设备进行监控、管理、数据收集的平台。 ThingsBoard 4.2.1之前版本存在安全漏洞,该漏洞源于仪表板的Image Upload Gallery功能存在服务器端请求伪造,可能导致访问内部服务或资源。
Description (English)
ThingsBoard is a platform for monitoring, managing and collecting data based on Java for IOT equipment. There was a security loophole in the previous version of ThingsBoard 4.2.1, which resulted from the existence of server-end requests for forgery of the Image Upload Gallery on the dashboard, which could lead to access to internal services or resources.
Hazard Level
High
Vulnerability Type
其他
Published
2025-10-17
Last Modified
2026-02-24
References
https://www.vulncheck.com/advisories/thingsboard-svg-image-ssrf https://github.com/thingsboard/thingsboard/pull/13927 https://github.com/thingsboard/thingsboard/releases/tag/v4.2.1 https://access.redhat.com/security/cve/cve-2025-34282
Patch
https://github.com/thingsboard/thingsboard/releases
Share on: