CVE-2025-1848
Published: 03 March 2025
Description
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Security Summary
CVE-2025-1848 is a server-side request forgery (SSRF) vulnerability, classified as critical, affecting zj1983 zz up to version 2024-8. The issue resides in an unknown function within the file /import_data_check, where manipulation of the url argument enables the SSRF. It is remotely exploitable and associated with CWE-918, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The vulnerability was published on 2025-03-03.
A remote attacker with low privileges can exploit this vulnerability by crafting a malicious url argument, potentially forcing the server to make unintended requests. This could lead to limited impacts on confidentiality, integrity, and availability, depending on the internal resources accessible via SSRF.
Advisories from sources like VulDB and GitHub repositories detail the exploit, which has been publicly disclosed and may be actively used. The vendor was contacted early regarding the issue but provided no response, and no patches or specific mitigations are referenced.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The SSRF vulnerability (CWE-918) in the public-facing /import_data_check endpoint enables exploitation of public-facing applications (T1190) and facilitates network service discovery (T1046) by allowing remote attackers to forge server-side requests to internal/intranet resources.