PT-2025-51766 · Ctera · Ctera Portal

Published 2025-12-16 · Updated 2026-01-02 · CVE-2025-52196

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ctera Portal versions 8.1.x (8.1.1417.24)

Description

A Server-Side Request Forgery (SSRF) issue exists in Ctera Portal. A remote attacker can provide a crafted HTML file containing an iframe, which induces the server to make arbitrary HTTP requests on the attacker's behalf.

Recommendations

Update Ctera Portal to a newer version that addresses this vulnerability. As a temporary workaround, restrict access to HTML file uploads or carefully validate the content of uploaded files to prevent the inclusion of malicious iframes.
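
One way to implement the content-validation workaround, as an added example that is not Ctera's code and not part of the advisory: a Python upload check that rejects files containing `<iframe>` and, going beyond the advisory, the related embedding elements `<frame>`, `<object>` and `<embed>`. The function names and the sample inputs are constructed for illustration.

```python
from html.parser import HTMLParser

# <iframe> is the vector the advisory names; the other tags are an assumed,
# stricter superset of elements that make a renderer load another document.
EMBEDDING_TAGS = {"iframe", "frame", "object", "embed"}
URL_ATTRS = ("src", "srcdoc", "data")


class EmbedFinder(HTMLParser):
    """Collects every embedding element seen while parsing an upload."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...>
        # is matched as well. Self-closing tags also arrive here.
        if tag not in EMBEDDING_TAGS:
            return
        attrs = dict(attrs)
        target = next((attrs[a] for a in URL_ATTRS if attrs.get(a)), "")
        self.findings.append((tag, self.getpos()[0], target))


def find_embeds(data: bytes):
    """Return (tag, line, target) tuples; inspects content, not the file name."""
    # Honour a UTF-16 byte order mark so re-encoded markup is still parsed.
    encoding = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
    finder = EmbedFinder()
    finder.feed(data.decode(encoding, errors="replace"))
    finder.close()
    return finder.findings


def accept_upload(data: bytes) -> bool:
    """Policy: refuse any upload that contains an embedding element."""
    return not find_embeds(data)


# Constructed sample inputs (not taken from the advisory).
CLEAN = b"<html><body><h1>Report</h1><p>Q3 numbers</p></body></html>"
CRAFTED = (b"<html><body>\n"
           b'<IFRAME SRC="http://internal.example.test/status"></iframe>\n'
           b"</body></html>")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("crafted", CRAFTED)):
        print(name, "accepted" if accept_upload(blob) else find_embeds(blob))
```

This is a static check on the uploaded markup only; frames created by script at render time are outside its scope, so it complements the update rather than replacing it.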

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-52196

Affected Products

Ctera Portal