PT-2025-49030 · Dayrui · Xunruicms

Nobb · Published 2025-12-04 · Updated 2025-12-05 · CVE-2025-14008

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

dayrui XunRuiCMS versions up to 4.7.1

Description

A server-side request forgery condition exists in dayrui XunRuiCMS. The issue is located in the file admin79f2ec220c7e.php?c=api&m=test site domain within the Project Domain Change Test component. Manipulation of the v parameter can trigger the flaw, allowing for remote exploitation. The exploit has been published. The vendor was contacted but did not respond.

Recommendations

Versions prior to 4.7.1 should be used.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-14008

Affected Products

Xunruicms