CVE-2025-52163

Medium CVSS 6.5

Overview

A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This can lead to sensitive data exposure.

CWE: CWE-918 Published: 2025-07-18T19:15:24.220

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.5 (MEDIUM)
Detected tags: ssrf (tag impact: MODERATE)

Recommended actions:

Deny access to internal/metadata addresses; use outbound allowlists.

Overview

Recommended tools

Tags