CVE-2025-10329

MEDIUM

Unmark < 1.9.3 - SSRF

Title source: rule

Description

A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.323755

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.323755

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.643531

Exploit related

https://github.com/YZS17/CVE/blob/main/unmark/ssrf1.md

View Exploit ZIP pw:eip

Exploit exploit

https://github.com/YZS17/CVE/blob/main/unmark/ssrf1.md#poc

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0009

EPSS Percentile 25.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

unmark/unmark < 1.9.3

Published Sep 12, 2025

Tracked Since Feb 18, 2026