CVE-2025-0474
Published: 14 January 2025
Description
Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23.
Security Summary
CVE-2025-0474 is an authenticated Server-Side Request Forgery (SSRF) vulnerability in Invoice Ninja, affecting versions from 5.8.56 through 5.11.23. The flaw, tied to CWE-918, enables arbitrary file reads and network resource requests executed as the application user. It carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N), highlighting high confidentiality impact with changed scope.
Authenticated users with low privileges (PR:L) can exploit this over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation allows reading sensitive arbitrary files on the server and issuing requests to internal or external network resources under the application's user context, potentially exposing confidential data or enabling further reconnaissance and pivoting.
The vendor's patches address the issue; see GitHub commit 2a9bf353b432d7060e85487b617151ecbc36247d and the comparison between commits 97ae948618230c1812f3223b80bf22dcb0382dc5 and 435780932fe19063001d79ba518815df62773d71. Additional mitigation guidance appears in the VulnCheck advisory at https://vulncheck.com/advisories/invoice-ninja-ssrf.
Details
- CWE(s)