CVE-2025-1849
Published: 03 March 2025
Description
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Security Summary
CVE-2025-1849 is a server-side request forgery (SSRF) vulnerability classified as critical, affecting zj1983 zz up to version 2024-8. The issue resides in an unknown functionality of the /import_data_todb file, where manipulation of the url argument enables the SSRF. It is associated with CWE-918 and carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The vulnerability was published on 2025-03-03.
A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), potentially enabling the attacker to force the server to make unauthorized requests to internal or external resources.
Advisories from sources like VulDB and GitHub repositories detail the vulnerability but note no vendor response despite early contact. No patches or official mitigations are mentioned; recent entries on VulDB (ctiid.298117, id.298117, submit.505346) confirm the issue without remediation guidance.
The exploit has been publicly disclosed, including proof-of-concept details in GitHub markdown files, increasing the risk of active use against unpatched instances.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The SSRF vulnerability (CWE-918) in the public-facing /import_data_todb endpoint enables exploitation of public-facing applications (T1190) and facilitates internal network service discovery (T1046) through server-side requests to arbitrary internal URLs.