Tamil Mathi T.

2 exploits Active since Oct 2025
CVE-2025-34282 NOMISEC CRITICAL WORKING POC
ThingsBoard < 4.2.1 - Server-Side Request Forgery via SVG Image Upload
ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may initiate unintended outbound requests. This can be used to access internal services or resources.
CVSS 9.1
CVE-2025-34282 EXPLOITDB CRITICAL python WORKING POC
ThingsBoard < 4.2.1 - Server-Side Request Forgery via SVG Image Upload
ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may initiate unintended outbound requests. This can be used to access internal services or resources.
CVSS 9.1