CVE-2025-8133
BaseFortify
Publication date: 2025-07-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chancms | chancms | to 3.1.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8133 is a Server-Side Request Forgery (SSRF) vulnerability in ChanCMS versions up to 3.1.2, specifically in the getArticle function of the gather.js file. The vulnerability occurs because the targetUrl parameter is user-controllable and lacks proper validation or filtering. This allows an attacker to manipulate the server into making unauthorized HTTP requests to arbitrary URLs, including internal network resources that are normally inaccessible externally. The vulnerability can be exploited remotely without authentication, and public proof-of-concept exploits exist. Upgrading to ChanCMS version 3.1.3 fixes this issue. [1, 2, 3]
How can this vulnerability impact me? :
This SSRF vulnerability can impact you by allowing attackers to make arbitrary requests from your server to internal or external systems. This can lead to unauthorized access to internal services, bypassing firewall protections, potential data exposure, port scanning, or further attacks within your network. It can compromise the confidentiality, integrity, and availability of your systems by enabling attackers to interact with otherwise protected resources through your server. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and analyzing requests to the vulnerable endpoint `/cms/gather/getArticle` for suspicious or unexpected targetUrl parameters that point to internal or unauthorized network addresses. You can use network traffic inspection tools or web server logs to identify such requests. Additionally, testing the endpoint with crafted requests to internal IP addresses (e.g., http://192.168.x.x) can help confirm the presence of the SSRF vulnerability. For example, using curl to send a request to the vulnerable endpoint with a targetUrl parameter pointing to an internal resource: `curl -G 'http://<server-ip>:7001/cms/gather/getArticle' --data-urlencode 'targetUrl=http://192.168.3.1:3306/'` and observing the response can indicate if SSRF is exploitable. [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade ChanCMS to version 3.1.3, which contains the patch (commit 3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6) that fixes the SSRF vulnerability by properly validating the targetUrl parameter. Until the upgrade can be applied, you may consider implementing network-level restrictions such as firewall rules to block outgoing requests from the server to internal IP ranges or untrusted destinations, and monitoring or blocking suspicious requests to the `/cms/gather/getArticle` endpoint. [2]