CVE-2025-6517
BaseFortify

Publication date: 2025-06-23

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of the argument post leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-06-23
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-06-23
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: maxkey
Product: maxkey
Version / Range: up to 4.1.7 (inclusive)
CWE
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6517 is a critical Server-Side Request Forgery (SSRF) vulnerability in Dromara MaxKey versions up to 4.1.7. It exists in the Add function of the SAML20DetailsController.java component, where improper validation of the 'post' argument allows an attacker to manipulate server-side requests. This means an attacker can make the server send unauthorized requests to arbitrary URLs, potentially leading to malicious activities such as information disclosure or internal network scanning. The vulnerability can be exploited remotely without authentication, and a proof-of-concept exploit is publicly available. [1, 2]


How can this vulnerability impact me?

This vulnerability can impact you by compromising the confidentiality, integrity, and availability of your system. An attacker exploiting this SSRF flaw can induce the server to make unauthorized requests, which may lead to information disclosure, unauthorized access to internal resources, or disruption of services. Since the exploit is easy to perform and publicly available, the risk of attack is significant, especially if the affected MaxKey version is in use. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unusual or unauthorized server-side requests initiated by the vulnerable MaxKey application, especially those involving the manipulation of POST requests to the SAML20DetailsController.java component. Since the exploit involves Server-Side Request Forgery (SSRF), network monitoring tools can be used to detect unexpected outbound requests from the server to arbitrary URLs. Additionally, reviewing web server logs for suspicious POST requests targeting the vulnerable endpoint may help identify exploitation attempts. Specific commands are not provided in the resources, but general approaches include using network traffic analysis tools like tcpdump or Wireshark to capture outbound HTTP requests, and grep or similar tools to search logs for suspicious POST parameters related to the 'post' argument in the SAML20DetailsController. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include disabling or restricting access to the vulnerable MaxKey versions (up to 4.1.7), especially the component handling the SAML20DetailsController.java. Since no vendor patches or mitigations are available and the vendor did not respond, users are advised to consider replacing the affected component with an alternative product. Additionally, implementing network-level controls to restrict outbound requests from the server to untrusted or arbitrary URLs can help reduce exploitation risk. Monitoring and blocking suspicious POST requests targeting the vulnerable endpoint may also help mitigate attacks. [2]

