CVE-2025-25760
Published: 27 February 2025
Description
A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request.
Security Summary
CVE-2025-25760 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting the admin_webgather.php component in SUCMS version 1.0. The flaw enables attackers to access internal data and services through a crafted GET request. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to its potential for confidential data exposure without requiring authentication or user interaction.
Remote attackers with network access can exploit this vulnerability by sending a specially crafted GET request to the vulnerable endpoint. Successful exploitation allows them to force the server to make unauthorized requests to internal resources, potentially retrieving sensitive internal data or interacting with backend services not directly exposed to the internet.
Mitigation details and further technical analysis are available in the referenced advisory document at https://github.com/147536951/Qianyi-learn/blob/main/SUCMS2.pdf, published on 2025-02-27. Security practitioners should review it for patching guidance or workarounds specific to SUCMS v1.0 deployments.
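The page does not show the SUCMS code, so the following is an added Python example (not from the SUCMS project or the referenced advisory) of the CWE-918 control a server-side fetcher such as admin_webgather.php needs: allow only http/https, resolve the requested host, and refuse any destination that lands in loopback, private, link-local or similar internal ranges. The hostnames, addresses and `demo_resolver` are constructed stand-ins; in production the default `socket.getaddrinfo` is used.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Destinations a server-side fetcher must never reach: "this host", loopback,
# RFC 1918, CGNAT, link-local (cloud metadata sits at 169.254.169.254) and the
# IPv6 unspecified, loopback, ULA, link-local and IPv4-mapped ranges.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96")]
ALLOWED_SCHEMES = {"http", "https"}

def check_fetch_url(url, resolver=socket.getaddrinfo):
    """Return (ip, "ok") if url may be fetched, else (None, reason).
    Every resolved address is checked, so a name mixing public and private
    records is refused. Connect to the returned ip (pin it), not to the name,
    or a DNS rebind between this check and the fetch defeats it."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return None, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return None, "missing host"
    if parts.username or parts.password:
        return None, "credentials in URL not allowed"
    try:  # address literal (urlparse has already stripped IPv6 brackets)
        addrs = [ipaddress.ip_address(parts.hostname)]
    except ValueError:  # a hostname: judge it by everything it resolves to;
        # non-canonical IP spellings (hex, decimal) also land here on purpose
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
        try:
            infos = resolver(parts.hostname, port, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            return None, f"cannot resolve {parts.hostname}: {exc}"
        addrs = [ipaddress.ip_address(info[4][0]) for info in infos]
    for addr in addrs:
        if any(addr in net for net in BLOCKED_NETWORKS):
            return None, f"{parts.hostname} resolves to internal address {addr}"
    return str(addrs[0]), "ok"

def demo_resolver(host, port, **kwargs):
    """Constructed, offline stand-in for socket.getaddrinfo (not real DNS)."""
    table = {"cms.example": ["203.0.113.10"],
             "mixed.example": ["203.0.113.10", "10.0.0.5"]}
    if host not in table:
        raise socket.gaierror(f"constructed resolver has no entry for {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port))
            for ip in table[host]]
```

The check is only as good as what the fetch does next: the HTTP client must connect to the returned address and must not follow redirects without running the same check on each hop.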
Details
- CWE(s)