PT-2026-20845 · Spip · Spip

Dorian Piette · Published 2026-02-19 · Updated 2026-02-23 · CVE-2025-71247

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SPIP versions prior to 4.4.9

Description

SPIP before version 4.4.9 contains a Blind Server-Side Request Forgery (SSRF) issue related to syndicated sites within the private area. The application does not validate the syndication URL when editing a syndicated site, potentially allowing an authenticated attacker to force the server to make requests to arbitrary internal or external destinations. The SPIP security screen does not mitigate this issue.

Recommendations

Update to SPIP version 4.4.9 or later.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-71247

Affected Products

Spip