CVE-2025-10695

Name of the Vulnerable Software and Affected Versions OpenSupports version 4.11.0

Description Two unauthenticated diagnostic endpoints permit arbitrary backend-initiated network connections to a destination specified by an attacker. These endpoints are accessible without authentication due to a permission setting of 'any', enabling Server-Side Request Forgery (SSRF). This allows for internal network scanning and interaction with services.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.