Vulnerability Details CVE-2025-13809
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.2%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 6.5
References
- https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md
- https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md#proof-of-concept
- https://vuldb.com/?ctiid.333819
- https://vuldb.com/?id.333819
- https://vuldb.com/?submit.692069
- https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md
- https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md#proof-of-concept