CVE-2025-0474

Name of the Vulnerable Software and Affected Versions Invoice Ninja versions 5.8.56 through 5.11.23

Description Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF), allowing for arbitrary file read and network resource requests as the application user. This issue enables attackers to perform arbitrary file reads and network requests.

Recommendations For versions 5.8.56 through 5.11.23, as a temporary workaround, consider restricting access to sensitive files and network resources to minimize the risk of exploitation. However, the provided information does not specify a fixed version or patch, so at the moment, there is no information about a newer version that contains a fix for this vulnerability.