PT-2025-22822 · Thehive · Thehive
Published: 2025-05-23 · Updated: 2025-05-24 · CVE-2025-48739
CVSS v4.0: 4.6 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
TheHive versions 5.2.0 through 5.2.15
TheHive versions 5.3.0 through 5.3.10
TheHive versions 5.4.0 through 5.4.9
TheHive version 5.5.0
Description
A Server-Side Request Forgery (SSRF) issue allows remote authenticated attackers with admin permissions to manipulate URLs, directing requests to unexpected hosts or ports. This enables the attacker to use the server as a proxy to reach internal or restricted resources, potentially accessing other servers on the internal network.
Recommendations
For versions 5.2.0 through 5.2.15, update to version 5.2.16 or later.
For versions 5.3.0 through 5.3.10, update to version 5.3.11 or later.
For versions 5.4.0 through 5.4.9, update to version 5.4.10 or later.
For version 5.5.0, update to version 5.5.1 or later.
Fix
SSRF
Affected Products
Thehive