PT-2025-6920 · Unknown · Filemegane
Masamu Asato
·
Published
2025-02-17
·
Updated
2025-02-18
·
CVE-2025-20075
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L |
Name of the Vulnerable Software and Affected Versions:
FileMegane versions 3.0.0.0 through 3.4.0.0
Description:
The issue exists due to a Server-Side Request Forgery (SSRF) vulnerability. This could allow executing arbitrary backend Web API requests, potentially leading to rebooting the services.
Recommendations:
For versions 3.0.0.0 through 3.4.0.0, update to a version 3.4.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to backend Web API requests until a patch is available.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Filemegane