CVE-2025-9414

Name of the Vulnerable Software and Affected Versions: kalcaddle kodbox version 1.61

Description: A server-side request forgery issue exists in kalcaddle kodbox 1.61. The issue affects an unknown functionality of the file /?explorer/upload/serverDownload within the Download from Link Handler component. Manipulation of the url argument can lead to server-side request forgery. Remote exploitation is possible, and the exploit has been made public. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.