CVE-2025-34282

CRITICAL

ThingsBoard < 4.2.1 - Server-Side Request Forgery via SVG Image Upload


Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34282. PoCs published by 9tamilmathi, mathitam.

AI-analyzed exploit summary: This exploit demonstrates a Server-Side Request Forgery (SSRF) vulnerability in ThingsBoard IoT Platform versions before 4.2.1. It uploads a malicious SVG file containing a remote URL reference, which the server processes, allowing the attacker to reach internal services.

Description

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may initiate unintended outbound requests. This can be used to access internal services or resources.

Exploits (2)

exploitdb · WORKING POC
by 9tamilmathi · python · webapps · multiple
https://www.exploit-db.com/exploits/52551

Classification: Working PoC (95%)
Attack type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: ThingsBoard IoT Platform < 4.2.1
Authentication: required
Prerequisites: Tenant Admin bearer token · Access to the Image Upload Gallery feature
Analyzed by devstral-2 on May 08, 2026
nomisec · WORKING POC
by mathitam · poc
https://github.com/mathitam/thingsboard-ssrf-cve-2025-34282

The repository contains a functional exploit for CVE-2025-34282, demonstrating an SSRF vulnerability in ThingsBoard IoT Platform versions before 4.2.1 via SVG image upload. The exploit includes a Python script that automates the upload of a malicious SVG file and the creation of a widget to trigger the SSRF.

Classification: Working PoC (95%)
Attack type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: ThingsBoard IoT Platform < 4.2.1
Authentication: required
Prerequisites: Tenant Admin access · Bearer token · Network access to the target ThingsBoard instance
Analyzed by devstral-2 on Apr 09, 2026

Scores

CVSS v3 9.1
EPSS 0.0148
EPSS Percentile 70.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (1)
thingsboard/thingsboard < 4.2.1
Published Oct 17, 2025
Tracked Since Feb 18, 2026