Vulnerability Details CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.4%
CVSS Severity
CVSS v3 Score 8.6
References
Products affected by CVE-2025-36845
-
cpe:2.3:a:eveo:urve_web_manager:27.02.2025