PT-2025-42614 · Illia Cloud · Illia-Builder

Published 2025-10-17 · Updated 2025-10-22 · CVE-2025-60279

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Illia Cloud illia-Builder versions prior to 4.8.5

Description

A server-side request forgery (SSRF) flaw exists in Illia Cloud illia-Builder, allowing authenticated users to send arbitrary requests to internal services through the API. An attacker can use this to identify open ports based on response differences and interact with internal services. The issue stems from insufficient validation or sanitization of user-provided input, enabling manipulation of server requests.

Recommendations

Update Illia Cloud illia-Builder to version 4.8.5 or later.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-60279

Affected Products

Illia-Builder