CVE Daily

CVE-2025-36845

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_inte...

High CVSS 8.6

Overview

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.

CWE: CWE-918 Published: 2025-07-21T18:15:27.467
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.6 (HIGH)
  • Detected tags: ssrf (tag impact: MODERATE)

Recommended actions:

  • Deny access to internal/metadata addresses; use outbound allowlists.

Recommended tools

Tags