CVE-2025-45887

Name of the Vulnerable Software and Affected Versions Yifang CMS version 2.0.2

Description The issue is related to Server-Side Request Forgery (SSRF) in the "/api/file/getRemoteContent" API endpoint. This allows an attacker to forge requests from the server to an arbitrary destination, potentially leading to unauthorized access or data exposure.

Recommendations For Yifang CMS version 2.0.2, as a temporary workaround, consider disabling the "/api/file/getRemoteContent" API endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.