CVE-2025-3691

Published: Apr 16, 2025Modified: Apr 24, 2025

5.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Mirweiye: Seven Bears Library Cms

1 product

Seven Bears Library Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mirweiye Seven Bears Library Cms	Before 2023

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (5)

https://github.com/KKDT12138/CVE/blob/main/cve2.pdf

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.304980

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.304980

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.553507

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/KKDT12138/CVE/blob/main/cve2.pdf

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.