exploitDog

CVE-2025-51058

Опубликовано: 06 авг. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter.

Ссылки

http://bottinelli.com
Broken Link
https://github.com/jacopoaugelli/vedo-suite-exploits
Exploit
https://github.com/jacopoaugelli/vedo-suite-exploits
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vedo_suite_project:vedo_suite:2024.17:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00047

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-542r-gq27-gqw4

CVSS3: 6.5

github

6 месяцев назад

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter.

EPSS

Процентиль: 15%

0.00047

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-918