PT-2025-40951 · Kuno Cms · Kuno Cms
Xuemian168 · Published 2025-10-06 · Updated 2025-10-07
CVE-2025-61768
CVSS v4.0: 5.1 Medium
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
KUNO CMS versions prior to 1.3.15
Description
KUNO CMS is a full-stack blog application. A Server-Side Request Forgery (SSRF) issue exists in the Media module of the administrative panel. An administrator can upload a specially crafted SVG file with an external image reference, causing the server to connect to an arbitrary external URL. This could lead to information disclosure or internal network probing. SSRF is a web security issue that allows an attacker to cause the server to make HTTP requests to an arbitrary domain of the attacker's choosing.
Recommendations
Update to KUNO CMS version 1.3.15 or later.
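For deployments that accept SVG uploads, an upload-time check for the external references described above can be sketched as follows. This is an added example, not KUNO CMS code and not the project's fix; the function names, the attribute list and the sample file (which uses a documentation-range address) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# URL-bearing attributes checked here (assumed list for this example, not exhaustive).
URL_ATTRS = {"href", "src"}
CSS_URL = re.compile(r"url\(\s*['\"]?\s*([^'\")\s]+)", re.I)
CSS_IMPORT = re.compile(r"@import\s+['\"]([^'\"]+)", re.I)
REJECTED_MARKUP = (b"<!DOCTYPE", b"<!ENTITY", b"<?XML-STYLESHEET")


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()


def is_external(ref):
    """Allow only same-document fragments (#id) and inline raster data: URIs."""
    ref = ref.strip()
    if not ref or ref.startswith("#"):
        return False
    return not re.match(r"data:image/(png|jpeg|gif|webp)[;,]", ref, re.I)


def external_refs(svg_bytes):
    """Return (element, attribute, value) for every external reference found."""
    upper = svg_bytes.upper()
    if any(marker in upper for marker in REJECTED_MARKUP):
        raise ValueError("DTDs, entities and stylesheet PIs are not accepted")
    found = []
    for el in ET.fromstring(svg_bytes).iter():
        tag = local(el.tag)
        for name, value in el.attrib.items():
            attr = local(name)  # xlink:href and href both become "href"
            if attr in URL_ATTRS and is_external(value):
                found.append((tag, attr, value))
            else:  # presentation attributes such as fill="url(...)" or style="..."
                found += [(tag, attr, u) for u in CSS_URL.findall(value) if is_external(u)]
        if tag == "style" and el.text:
            urls = CSS_URL.findall(el.text) + CSS_IMPORT.findall(el.text)
            found += [(tag, "css", u) for u in urls if is_external(u)]
    return found


# Constructed sample upload: one external image reference among harmless local ones.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <rect fill="url(#g)" width="10" height="10"/>
  <image xlink:href="http://198.51.100.7/probe.png" width="1" height="1"/>
  <use href="#shape"/>
</svg>"""

if __name__ == "__main__":
    print(external_refs(SAMPLE))  # a non-empty result means the upload is rejected
```

A check like this covers only the upload path; whatever component renders or processes SVG on the server should also run without the ability to fetch remote resources.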
Exploit
Fix
SSRF
Unrestricted File Upload
RCE
Affected Products
Kuno Cms