CVE-2025-1833

MediumPublic PoC

Published: 02 March 2025

Published

02 March 2025

Modified

26 May 2025

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0007 22.1th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-1833 is a server-side request forgery (SSRF) vulnerability classified as critical in the zj1983 zz software up to version 2024-8. It affects the sendNotice function within the file src/main/java/com/futvan/z/erp/customer_notice/Customer_noticeAction.java, part of the HTTP Request Handler component. The issue, tied to CWE-918, arises from manipulation of the url argument and carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The vulnerability was published on 2025-03-02.

Attackers with low privileges (PR:L) can exploit this remotely over the network with low complexity and no user interaction required. By supplying a malicious url argument to the sendNotice function, they can force the server to make unintended requests, potentially leading to limited impacts on confidentiality, integrity, and availability as per the CVSS vector.

Advisories from VulDB and GitHub repositories detail the issue, including a public proof-of-concept exploit. The vendor was contacted early but provided no response, and no patches or official mitigations are mentioned in the available references.

The exploit has been publicly disclosed and may be actively used, increasing the risk for exposed instances of affected zj1983 zz deployments.

Details

CWE(s): CWE-918

Affected Products

zframeworks

≤ 2024-8

MITRE ATT&CK Enterprise Techniques

T1018 Remote System Discovery Discovery

Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system.

attack.mitre.org →

T1046 Network Service Discovery Discovery

Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

SSRF in public-facing HTTP endpoint (T1190) enables attackers to forge requests for internal remote system discovery (T1018) and network service discovery (T1046).

References

https://github.com/caigo8/CVE-md/blob/main/zz/zz_2024_8%E5%90%8E%E5%8F%B0SSRF.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.298100
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.298100
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.504833
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/caigo8/CVE-md/blob/main/zz/zz_2024_8%E5%90%8E%E5%8F%B0SSRF.md
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0