CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,699 vulnerabilities with CWE-918
CVE-2025-9269 MEDIUM
Lexmark Embedded Web Server - Server-Side Request Forgery
CVE-2025-5005 HIGH
Shanghai Lingdang Information Technology Lingdang CRM <8.6.5.4 - SSRF
CVSS 7.3
CVE-2025-58977 MEDIUM
Rhys Wynne WP eBay Product Feeds <3.4.8 - SSRF
CVSS 4.9
CVE-2025-54249 MEDIUM
Adobe Experience Manager < 6.5.23.0 - Server-Side Request Forgery
CVSS 6.5
CVE-2025-49430 HIGH
FWDesign Ultimate Video Player <10.1 - SSRF
CVSS 7.2
CVE-2025-47437 MEDIUM
LiteSpeed Cache <= 7.0.1 - Server-Side Request Forgery
CVSS 6.4
CVE-2025-55139 MEDIUM
Ivanti Connect Secure <22.7R2.9,22.8R2 - SSRF
CVSS 6.8
CVE-2025-9065 HIGH
Rockwell Automation ThinManager - SSRF
CVSS 8.8
CVE-2025-43763 MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.20 SSRF via Custom Object Attachment Fields
CVSS 6.5
CVE-2025-10096 MEDIUM
SimStudioAI sim parse route - filePath Server-Side Request Forgery
CVSS 6.3
CVE-2025-8085 HIGH
Ditty < 3.1.58 - Unauthenticated Server-Side Request Forgery via displayItems Endpoint
CVSS 8.6
CVE-2025-58829 MEDIUM
Ai Auto Tool Content Writing Assistant - SSRF
CVSS 4.9
CVE-2025-58179 HIGH
@astrojs/cloudflare 11.0.3-12.6.5 - Server-Side Request Forgery via Image Optimization Endpoint
CVSS 7.2
CVE-2025-58641 MEDIUM
kamleshyadav Exit Intent Popup <1.0.1 - SSRF
CVSS 5.4
CVE-2025-58615 MEDIUM
WP Bannerize Pro <= 1.10.0 - Server-Side Request Forgery
CVSS 4.4
CVE-2025-9821 LOW
Mautic 4.4.0-4.4.16, 5.0.0-alpha-5.2.7, 6.0.0-alpha-6.0.4 - Server-Side Request Forgery via Webhook Destination
CVSS 2.7
CVE-2025-9805 MEDIUM
SimStudioAI sim image proxy - Server-Side Request Forgery
CVSS 6.3
CVE-2025-9799 MEDIUM
langfuse < 3.88.0 - Server-Side Request Forgery via Webhook Handler
CVSS 5.0
CVE-2025-55007 LOW
Knowage < 8.1.37 - Server-Side Request Forgery
CVSS 3.5
CVE-2025-57822 MEDIUM
Next.js < 14.2.32 - Server-Side Request Forgery via next() Function
CVSS 6.5
CVE-2025-53250 MEDIUM
Chartbeat <= 2.0.7 - Server-Side Request Forgery
CVSS 6.4
CVE-2025-48364 MEDIUM
vEnCa-X rajce <= 0.4.2 - Server-Side Request Forgery
CVSS 4.9
CVE-2025-58203 MEDIUM
Solace Extra <= 1.3.2 - Server-Side Request Forgery
CVSS 4.4
CVE-2025-57818 MEDIUM
firecrawl < 2.0.1 - Authenticated Server-Side Request Forgery via Webhook Configuration
CVSS 6.3
CVE-2025-57814 MEDIUM
request-filtering-agent < 2.0.0 - Server-Side Request Forgery via HTTPS 127.0.0.1 Bypass