PT-2025-36770 · Shanghai Lingdang Information Technology · Lingdang Crm

Paatiw · Published 2025-09-09 · Updated 2025-10-09 · CVE-2025-5005

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Lingdang CRM versions through 8.6.5.4
Description: A server-side request forgery (SSRF) vulnerability exists in Shanghai Lingdang Information Technology Lingdang CRM. It is caused by manipulation of the corpurl argument in an unknown function of the crm/WeiXinApp/dingtalk/index event.php file. The attack can be carried out remotely. The exploit is publicly available.
Recommendations: Versions prior to 8.6.5.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF

Weakness Enumeration

Related Identifiers: CVE-2025-5005

Affected Products: Lingdang Crm