CVE-2025-50125

CVSS

No CVSS.

A

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-01.pdf
http://seclists.org/fulldisclosure/2025/Jul/10

Configurations

No configuration.

History

03 Nov 2025, 20:19

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2025/Jul/10 -

15 Jul 2025, 13:14

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad CWE-918: Server-Side Request Forgery (SSRF) que podría provocar la ejecución de código remoto no autenticado cuando se accede al servidor a través de la red con conocimiento de URL ocultas y manipulación del encabezado de solicitud del host.

14 Jul 2025, 00:15

Type	Values Removed	Values Added
Summary	(en) CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.	(en) A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.
CVSS	v2 : ~~unknown~~ v3 : ~~7.2~~	v2 : unknown v3 : unknown

11 Jul 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-11 11:15

Updated : 2025-11-03 20:19

NVD link : CVE-2025-50125

Mitre link : CVE-2025-50125

CVE.ORG link : CVE-2025-50125

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-50125", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-11T11:15:23.750", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-01.pdf", "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/10", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A\n\n\n\nCWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote\ncode execution when the server is accessed via the network with knowledge of hidden URLs and manipulation\nof host request header."}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-918: Server-Side Request Forgery (SSRF) que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo remoto no autenticado cuando se accede al servidor a trav\u00e9s de la red con conocimiento de URL ocultas y manipulaci\u00f3n del encabezado de solicitud del host."}], "lastModified": "2025-11-03T20:19:12.373", "sourceIdentifier": "[email protected]"}