PT-2025-48413 · Orionsec · Orion-Ops

Sh7Err04 · Published 2025-12-01 · Updated 2025-12-01 · CVE-2025-13809

CVSS v3.1

6.5 Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

orionsec orion-ops versions up to 5925824997a3109651bbde07460958a7be249ed1

Description

A server-side request forgery condition exists in the SSH Connection Handler component of orionsec orion-ops. The issue is related to the manipulation of the host, sshPort, username, password, and authType arguments within the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java. This manipulation can be performed remotely. The exploit has been publicly disclosed.

Recommendations

Apply a patch to remediate this issue.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-13809

Affected Products

Orion-Ops