CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,699 vulnerabilities with CWE-918
CVE-2025-9414 MEDIUM
kodbox 1.61 - Server-Side Request Forgery via Download from Link Handler
CVSS 4.7
CVE-2025-54370 HIGH
PhpSpreadsheet <1.30.0, 2.0.0-2.1.11, 2.2.0-2.3.9, 3.0.0-3.9.9, 4.0.0-4.9.9 SSRF via Drawing setPath
CVE-2025-9402 MEDIUM
UTCMS 9 - Server-Side Request Forgery via UPDATEURL Parameter
CVSS 4.7
CVE-2025-9395 MEDIUM
wangsongyan wblog 0.0.1 - Server-Side Request Forgery via RestorePost Function
CVSS 6.3
CVE-2025-7813 HIGH
Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery via proxy_image
CVSS 7.2
CVE-2025-8678 MEDIUM
WP Crontrol 1.17.0-1.19.1 - Authenticated Server-Side Request Forgery via wp_remote_request
CVSS 5.9
CVE-2025-43747 MEDIUM
Liferay DXP 2025.Q2.0-2025.Q2.3 SSRF via Analytics Domain Validation Bypass
CVSS 6.5
CVE-2025-47700 LOW
Mattermost Server 10.5.0-10.5.9 - Server-Side Request Forgery via Empty Request Body Handling
CVSS 3.5
CVE-2025-27217 CRITICAL
UISP Application >=2.4.220 <2.4.220 - Server-Side Request Forgery
CVSS 9.1
CVE-2025-1142 MEDIUM
IBM Edge Application Manager 4.5 - Authenticated Server-Side Request Forgery
CVSS 5.4
CVE-2025-54925 HIGH
Schneider Electric EcoStruxure PME and EPO - URL Configuration Server-Side Request Forgery
CVSS 7.5
CVE-2025-54924 HIGH
Schneider Electric EcoStruxure PME and EPO - Crafted Document Server-Side Request Forgery
CVSS 7.5
CVE-2025-5260 HIGH
Pik Online < 3.1.5 - Server-Side Request Forgery
CVSS 8.6
CVE-2025-54234 LOW
ColdFusion <= 2025.1, 2023.13, 2021.19 - Authenticated Server-Side Request Forgery
CVSS 2.7
CVE-2025-8675 HIGH
Drupal AI SEO Link Advisor < 1.0.6 - Server-Side Request Forgery
CVSS 8.8
CVE-2025-8013 LOW
Quttera Web Malware Scanner <3.5.1.41 - SSRF
CVSS 3.8
CVE-2025-8680 MEDIUM
B Slider-Gutenberg Slider Block WP <2.0.0 - SSRF
CVSS 4.3
CVE-2025-53241 MEDIUM
kodeshpa Simplified <= 1.0.11 - Server-Side Request Forgery
CVSS 5.5
CVE-2025-28987 MEDIUM
WordPress PressForward <= 5.9.5 - Server-Side Request Forgery
CVSS 6.4
CVE-2025-50251 CRITICAL
makeplane plane 0.23.1 - Server-Side Request Forgery via Password Recovery
CVSS 9.1
CVE-2025-53760 HIGH
Microsoft SharePoint Server - Server-Side Request Forgery
CVSS 7.1
CVE-2025-7622 MEDIUM
Axis Camera Station - Authenticated Server-Side Request Forgery
CVSS 5.7
CVE-2025-55161 HIGH
Stirling-PDF < 1.1.0 - Server-Side Request Forgery via Markdown to PDF Conversion
CVSS 8.6
CVE-2025-55151 HIGH
Stirling-PDF < 1.1.0 - Server-Side Request Forgery via Convert File to PDF Endpoint
CVSS 8.6
CVE-2025-55150 HIGH
stirling_pdf < 1.1.0 - Server-Side Request Forgery via HTML to PDF Conversion
CVSS 8.6