CVE-2025-36845 Information
Jul 22, 2025
cve
Description
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input sends a request to this address and reflects the content in the response. This can be used to request endpoints only reachable by the application server.
Reference
https://smartoffice.expert/en https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-035.txt
Related CNNVD
CNNVD-202507-2686 (Published: 2025-07-21)
Share on: