PT-2025-31876 · Unknown · Cloudfavorites Favorites-Web
Zast.Ai · Published 2025-08-04 · Updated 2025-08-05
CVE-2025-8529
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
cloudfavorites favorites-web versions up to 1.3.0
Description
A critical vulnerability exists in cloudfavorites favorites-web. The getCollectLogoUrl function in the file app/src/main/java/com/favorites/web/CollectController.java is susceptible to server-side request forgery (SSRF). Manipulating the url argument triggers the issue, and it can be exploited remotely. The exploit has been publicly disclosed.
Recommendations
Update cloudfavorites favorites-web to a version later than 1.3.0.
Affected Products
Cloudfavorites Favorites-Web