CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,708 vulnerabilities with CWE-918
CVE-2025-47293 LOW
PowSyBl < 6.7.2 - XML External Entity Injection and Server-Side Request Forgery via XmlReader
CVE-2025-23172 HIGH
Versa Director 21.2.2, 21.2.3, 22.1.1-22.1.4 - Authenticated Server-Side Request Forgery via Webhook Feature
CVSS 7.2
CVE-2025-30680 HIGH
Trend Micro Apex Central (SaaS) < 2025-03-01 - Server-Side Request Forgery via Parameter Manipulation
CVSS 7.1
CVE-2025-30679 MEDIUM
Trend Micro Apex Central - Server-Side Request Forgery via modOSCE Parameter Manipulation
CVSS 6.5
CVE-2025-30678 MEDIUM
Trend Micro Apex Central - Server-Side Request Forgery in modTMSM Component
CVSS 6.5
CVE-2025-49877 MEDIUM
Metagauss ProfileGrid <5.9.5.2 - SSRF
CVSS 4.9
CVE-2025-6142 MEDIUM
Intera InHire <= 20250530 - Server-Side Request Forgery via 29chcotoo9 Argument
CVSS 6.3
CVE-2025-6087 CRITICAL
@opennextjs/cloudflare < 1.3.0 - Unauthenticated Server-Side Request Forgery via /_next/image Endpoint
CVSS 9.1
CVE-2025-49190 MEDIUM
SICK Field Analytics - Server-Side Request Forgery via Internal Endpoint
CVSS 4.3
CVE-2025-44043 MEDIUM
Keyoti SearchUnit < 9.0.0 - Server-Side Request Forgery via SearchService.svc Endpoints
CVSS 5.4
CVE-2025-30220 CRITICAL
GeoServer WFS - XXE Processing Vulnerability
CVSS 9.9
CVE-2025-27817 HIGH
Apache Kafka Client - Arbitrary File Read
CVSS 7.5
CVE-2025-42988 LOW
SAP Business Objects - Info Disclosure
CVSS 3.7
CVE-2025-30997 MEDIUM
SmartDataSoft Car Repair Services <5.0 - SSRF
CVSS 5.4
CVE-2025-30976 MEDIUM
Nexa Blocks <= 1.1.1 - Server-Side Request Forgery
CVSS 4.9
CVE-2025-29008 MEDIUM
ShawonPro SocialMark <= 2.0.7 - Server-Side Request Forgery
CVSS 4.9
CVE-2025-46341 HIGH
FreshRSS < 1.26.2 - Authenticated Server-Side Request Forgery via Add Feed Functionality
CVSS 7.1
CVE-2025-48962 MEDIUM
Acronis Cyber Protect <39938 - Info Disclosure
CVSS 4.3
CVE-2025-5510 MEDIUM
quequnlong shiyi-blog <1.2.1 - SSRF
CVSS 6.3
CVE-2025-37090 CRITICAL
HPE StoreOnce System < 4.3.11 - Server-Side Request Forgery
CVSS 9.8
CVE-2025-5327 MEDIUM
chshcms mccms 2.7 - Server-Side Request Forgery via Gf.php Pic Argument
CVSS 6.3
CVE-2025-4967 CRITICAL
Esri Portal for ArcGIS < 11.4 - Unauthenticated Server-Side Request Forgery
CVSS 9.1
CVE-2025-45474 HIGH
MacCMS Email Settings - Server-Side Request Forgery
CVSS 7.3
CVE-2025-5276 HIGH
mcp-markdownify-server - Server-Side Request Forgery via Markdownify.get() Function
CVSS 7.4
CVE-2025-45475 MEDIUM
MacCMS Friend Link Management - Server-Side Request Forgery
CVSS 5.4