PT-2025-45054 · Linkace · Linkace

Published 2025-11-04 · Updated 2025-11-05 · CVE-2025-62719

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

LinkAce versions prior to 2.4.0

Description

LinkAce is a self-hosted archive to collect website links. The htmlKeywordsFromUrl function within the FetchController class accepts user-provided URLs and makes HTTP requests without validating the destination, leading to a Server-Side Request Forgery (SSRF) condition. This allows authenticated attackers to perform port scanning and service discovery on internal networks using the application server. The impact is limited as the function only extracts content from HTML meta keywords tags, preventing significant data exfiltration. The vulnerable function utilizes the url parameter to initiate the HTTP request.

Recommendations

Upgrade to LinkAce version 2.4.0 or later.
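
The missing destination check described above can be illustrated with the following PHP sketch. It is an added example, not LinkAce's code or its 2.4.0 fix; the function name isFetchableUrl, the $resolve hook and the sample host names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not LinkAce code. $resolve is a hypothetical hook that maps a
// host name to its IP addresses so the check can be exercised offline.
function isFetchableUrl(string $url, ?callable $resolve = null): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // malformed, or no host (e.g. file:///...)
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // only web schemes may be fetched
    }
    $host = trim($parts['host'], '[]'); // strip IPv6 literal brackets

    // IP literal: check it directly. Host name: check every address it resolves to.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];
    } else {
        $resolve ??= static fn (string $h): array => array_merge(
            array_column(@dns_get_record($h, DNS_A) ?: [], 'ip'),
            array_column(@dns_get_record($h, DNS_AAAA) ?: [], 'ipv6')
        );
        $ips = $resolve($host);
    }
    if ($ips === []) {
        return false; // unresolvable host: fail closed
    }
    foreach ($ips as $ip) {
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        $public = filter_var($ip, FILTER_VALIDATE_IP, $flags);
        if ($public === false) {
            return false; // loopback, RFC 1918, link-local or other reserved range
        }
    }
    return true;
}

// Constructed sample inputs with a stub resolver (no network access needed).
$known = ['intranet.example' => ['10.0.0.5'], 'example.org' => ['93.184.216.34']];
$stub = static fn (string $h): array => $known[$h] ?? [];
foreach (['http://127.0.0.1:6379/', 'http://[::1]/', 'http://intranet.example/',
          'file:///etc/passwd', 'https://example.org/'] as $u) {
    printf("%-28s %s\n", $u, isFetchableUrl($u, $stub) ? 'allow' : 'block');
}
```

A check of this kind only holds if the HTTP client connects to the address that was validated and if every redirect target is validated the same way; otherwise a second DNS lookup or a redirect can still reach an internal host.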

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2025-62719
GHSA-473X-RMM6-MC8C

Affected Products

Linkace