CVE-2025-1799

Name of the Vulnerable Software and Affected Versions Zorlan SkyCaiji version 2.9

Description A critical vulnerability was found in Zorlan SkyCaiji, affecting the previewAction function of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the data argument leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Zorlan SkyCaiji version 2.9, as a temporary workaround, consider disabling the previewAction function until a patch is available. Restrict access to the vendor/skycaiji/app/admin/controller/Tool.php file to minimize the risk of exploitation. Avoid using the data argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.