CVE-2025-10787

MEDIUM

MuYuCMS <2.7 - SSRF

Title source: llm

Description

A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used.

Exploits (1)

gitee 58 stars

by monst · phpwriteup

https://gitee.com/MuYuCMS/MuYuCMS/issues/ICXV34

References (4)

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.325144

[Issue Tracking] https://gitee.com/MuYuCMS/MuYuCMS/issues/ICXV34

[Permissions Required, VDB Entry] https://vuldb.com/?id.325144

[Permissions Required, VDB Entry] https://vuldb.com/?submit.653888

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 13.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-918

Status published

Products (8)

n/a/MuYuCMS 2.0

n/a/MuYuCMS 2.1

n/a/MuYuCMS 2.2

n/a/MuYuCMS 2.3

n/a/MuYuCMS 2.4

n/a/MuYuCMS 2.5

n/a/MuYuCMS 2.6

n/a/MuYuCMS 2.7

Published Sep 22, 2025

Tracked Since Feb 18, 2026