CVE-2025-30997
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server Side Request Forgery (SSRF) in the WordPress Car Repair Services Theme version 5.0 and earlier. It allows an unauthenticated attacker to make the affected website send HTTP requests to arbitrary domains controlled by the attacker. This means the attacker can potentially access sensitive information from other services running on the same system by exploiting this flaw. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can use the affected website to send requests to arbitrary domains, potentially accessing sensitive information from other services on the same system. Although the CVSS score indicates a low severity impact, exploitation could lead to unauthorized information disclosure. The attacks are opportunistic and automated, targeting all vulnerable websites indiscriminately. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SSRF vulnerability involves monitoring for unusual outbound HTTP requests from the affected WordPress Car Repair Services theme to arbitrary or attacker-controlled domains. Since the vulnerability allows unauthenticated attackers to trigger HTTP requests, network traffic analysis tools can be used to identify suspicious requests. Commands to detect such activity could include using network monitoring tools like tcpdump or Wireshark to capture outbound HTTP traffic, for example: tcpdump -i any -nn port 80 or 443 and then filtering for unusual destination IPs or domains. Additionally, server-side logs should be reviewed for unexpected HTTP requests initiated by the web application. However, no specific detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) as recommended by Patchstack, which auto-mitigates the vulnerability even without an official patch. Since no official fix or patched version is currently available, virtual patching is the primary recommended approach. Additionally, monitoring and restricting outbound HTTP requests from the affected system can help reduce exploitation risk. In case of suspected compromise, professional incident response or server-side malware scanning is advised rather than relying on plugin-based malware scanners, which may be tampered with by malware. [1]