CVE-2025-48739

MEDIUM

StrangeBee TheHive <5.2.16, <5.3.11, <5.4.10, <5.5.1 - SSRF

Title source: llm

Description

A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct requests to unexpected hosts or ports. This allows the attacker to use a TheHive server as a proxy to reach internal or otherwise restricted resources. This could be exploited to access other servers on the internal network.

References (1)

Core 1

Core References

Various Sources

https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-002.md

Scores

CVSS v4 4.6

EPSS 0.0036

EPSS Percentile 27.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (4)

StrangeBee/TheHive 5.2.0 - 5.2.16

StrangeBee/TheHive 5.3.0 - 5.3.11

StrangeBee/TheHive 5.4.0 - 5.4.10

StrangeBee/TheHive 5.5.0 - 5.5.1

Published May 23, 2025

Tracked Since Feb 18, 2026