CVE-2025-36845

nvd nist nuclei

Published: Jul 21, 2025Modified: Sep 12, 2025

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 4.0

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.

Affected (1)

Products: Eveo: Urve Web Manager

1 product

Urve Web Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Eveo Urve Web Manager	Version 27.02.2025

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://smartoffice.expert/en

Source: cve@mitre.org

Product

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-035.txt

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.