CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-10695

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects OpenSupports: 4.11.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.1%

CVSS Severity

CVSS v3 Score 5.3

References

https://fluidattacks.com/advisories/freer
https://github.com/opensupports/opensupports
https://fluidattacks.com/advisories/freer

Products affected by CVE-2025-10695

Opensupports » Opensupports » Version: 4.11.0

cpe:2.3:a:opensupports:opensupports:4.11.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-10695

Products

Pricing

Contact Us