PT-2025-37258 · Unknown · Instantcms
Szczurowsky +1
Published: 2025-09-11 · Updated: 2025-09-24
CVE-2025-59055
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: InstantCMS versions through 2.17.3
Description: InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability exists that allows authenticated remote attackers to make arbitrary HTTP/HTTPS requests via the package parameter of the installer functionality. Exploitation can lead to scanning the local network, calling local services and their functions, conducting a Denial-of-Service (DoS) attack, and disclosing a server's real IP address if it is behind a reverse proxy. It is also possible to exhaust server resources by sending numerous requests.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
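With no fixed release available, the installer's package fetch is the place to apply a defensive check. The following is an added PHP example, not InstantCMS's own code; it assumes an allowlist of trusted package hosts (`$allowedHosts`) and validates the URL scheme, host and resolved address before fetching, then pins that address so a DNS change between check and use cannot redirect the request internally.

```php
<?php
// Added example, not InstantCMS code. Validates a package URL before the
// installer fetches it, then pins the checked IP so a DNS rebind after the
// check cannot steer the request at an internal address.
function resolve_public_ip(string $host): ?string {
    // A literal IP is checked as-is; a hostname is resolved to its IPv4 A records.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : (gethostbynamel($host) ?: []);
    foreach ($ips as $ip) {
        // Rejects loopback, RFC 1918, link-local (169.254/16) and reserved ranges.
        if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
            return null;
        }
    }
    return $ips[0] ?? null;
}

function validate_package_url(string $url, array $allowedHosts): ?string {
    $p = parse_url($url);
    if ($p === false || empty($p['host']) || isset($p['user']) || isset($p['pass'])) {
        return null;
    }
    if (!in_array(strtolower($p['scheme'] ?? ''), ['http', 'https'], true)) {
        return null;  // no file://, gopher://, ftp:// and friends
    }
    $host = strtolower($p['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return null;  // only the assumed allowlist of package mirrors may be contacted
    }
    return resolve_public_ip($host);
}

function fetch_package(string $url, array $allowedHosts, string $dest): bool {
    $ip = validate_package_url($url, $allowedHosts);
    if ($ip === null) { return false; }
    $p = parse_url($url);
    $port = $p['port'] ?? (strtolower($p['scheme']) === 'https' ? 443 : 80);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RESOLVE        => ["{$p['host']}:{$port}:{$ip}"], // pin the checked IP
        CURLOPT_FOLLOWLOCATION => false,   // a redirect must not reach internal hosts
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 30,      // bounds the resource-exhaustion angle
        CURLOPT_MAXFILESIZE    => 50 * 1024 * 1024,
        CURLOPT_FILE           => fopen($dest, 'wb'),
    ]);
    $ok = curl_exec($ch) !== false && curl_getinfo($ch, CURLINFO_RESPONSE_CODE) === 200;
    curl_close($ch);
    return $ok;
}
```

The resolution check alone is a time-of-check/time-of-use gap; `CURLOPT_RESOLVE` closes it by making curl connect to the address that was actually validated.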

Tags: Exploit, DoS, SSRF

Weakness Enumeration

Related Identifiers: CVE-2025-59055, GHSA-79HH-MHVG-WHRW

Affected Products: Instantcms