PT-2025-37356 · Unknown · Cdevroe Unmark

Xu-17 · Published 2025-09-12 · Updated 2025-09-13 · CVE-2025-10329

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: cdevroe unmark versions up to 1.9.3
Description: A vulnerability exists in cdevroe unmark up to version 1.9.3. The issue affects an unknown part of the file /application/controllers/Marks.php and allows for server-side request forgery through manipulation of the url argument. This attack can be launched remotely. The exploit is publicly available. The vendor was contacted but did not respond.
Recommendations: Update cdevroe unmark to a version later than 1.9.3. As a temporary workaround, restrict or disable access to the /application/controllers/Marks.php file. Avoid using the url parameter in the affected file until the issue is resolved.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-10329

Affected Products

Cdevroe Unmark