CVE-2025-28090

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions maccms10 version 2025.1000.4047

Description The issue is related to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. This allows an attacker to trick the server into making unintended requests.

Recommendations For version 2025.1000.4047, consider disabling the Collection Custom Interface feature until a patch is available. Restrict access to this feature to minimize the risk of exploitation.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2025-28090

Affected Products

Maccms10

CVE-2025-28090

Weakness Enumeration

Related Identifiers

Affected Products

References · 9