exploitDog

CVE-2025-10695

Опубликовано: 03 окт. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction.

This issue affects OpenSupports: 4.11.0.

Ссылки

https://fluidattacks.com/advisories/freer
Exploit
Third Party Advisory
https://github.com/opensupports/opensupports
Product
https://fluidattacks.com/advisories/freer
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opensupports:opensupports:4.11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00066

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-5686-39p2-jcpx

CVSS3: 5.3

github

4 месяца назад

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects OpenSupports: 4.11.0.

EPSS

Процентиль: 20%

0.00066

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-918