CVE-2025-8772
BaseFortify
Publication date: 2025-08-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nukeviet | nukeviet | up to 4.5.06 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8772 is a server-side request forgery (SSRF) vulnerability in Vinades NukeViet, versions up to and including 4.5.06, specifically in the file upload functionality at /admin/index.php?language=en&nv=upload. It allows attackers with at least "Module Administrator" privileges to abuse the "Remote upload" feature so that the server itself fetches files from internal URLs or services. This lets attackers pull internal files such as archives, documents, or media files into the system without proper security checks, potentially exposing sensitive internal resources to unauthorized access. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to sensitive internal files and resources by allowing attackers to upload files from internal URLs to the NukeViet system. Attackers with limited privileges can exploit this to read confidential internal data, potentially leading to data leakage or further attacks within the internal network. Since the vulnerability enables server-side request forgery, it can be used to bypass network restrictions and access internal services not intended to be exposed externally. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking whether an affected NukeViet version (up to and including 4.5.06) is in use and whether the upload endpoint `/nukeviet/admin/index.php?language=en&nv=upload` is accessible. Since exploitation requires at least "Module Administrator" privileges and uses the "Remote upload" feature to specify internal URLs, monitoring access logs for unusual requests to this endpoint, especially those using the remote upload mode with internal URLs, can help detect exploitation attempts. The resources do not provide specific commands, but network administrators can monitor HTTP access logs for requests to `/nukeviet/admin/index.php` with parameters indicating remote upload activity, and can scan for affected NukeViet versions using version detection tools or web application scanners. [1, 2, 3]
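The log check described above, written out as an added example (this is not BaseFortify's or NukeViet's own code). It assumes Apache/nginx combined log format, that the remote-upload URL appears in the query string (the real parameter name is not given on this page, so every URL-valued parameter is inspected), and uses constructed sample lines; a request whose URL is only in a POST body will not show up in access logs at all.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit
# Combined log format: client ident user [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ADMIN_ENDPOINT = "/admin/index.php"  # NukeViet admin front controller; install prefix varies

def is_internal_target(url):
    """True if the URL's host is loopback, private, link-local or a local-only name."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return False
    if host == "localhost" or host.endswith((".local", ".internal")):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # named host: resolving it needs DNS, which this offline check skips
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved

def flag_remote_upload(line):
    """Return details of a remote-upload request aimed at an internal URL, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, user, when, method, target, status = m.groups()
    parts = urlsplit(target)
    if not parts.path.endswith(ADMIN_ENDPOINT):
        return None
    params = dict(parse_qsl(parts.query, keep_blank_values=True))  # decodes %xx escapes
    if params.get("nv") != "upload":
        return None
    # The remote-upload parameter name is not given on the page, so test every value.
    urls = [v for v in params.values() if re.match(r"https?://", v, re.I)]
    internal = [u for u in urls if is_internal_target(u)]
    if not internal:
        return None
    return {"client": client, "user": user, "time": when, "method": method, "status": status, "urls": internal}

def scan(lines):
    return [hit for hit in map(flag_remote_upload, lines) if hit]

# Constructed sample lines (not real traffic); "remote_url" is a placeholder parameter name.
SAMPLE_LOG = [
    '10.0.0.5 - admin [09/Aug/2025:10:00:01 +0000] "GET /nukeviet/admin/index.php?language=en&nv=upload HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - admin [09/Aug/2025:10:00:09 +0000] "GET /nukeviet/admin/index.php?language=en&nv=upload&remote_url=http%3A%2F%2F127.0.0.1%3A8080%2Fstatus HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Aug/2025:10:01:00 +0000] "GET /nukeviet/index.php?language=en&nv=news HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]
```

Only the second constructed line is flagged: it hits the admin upload endpoint with a URL parameter pointing at loopback, while a plain visit to the upload page and an unrelated front-end request are ignored.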
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the admin panel and the upload endpoint `/nukeviet/admin/index.php?language=en&nv=upload` to trusted administrators only, and in particular limiting the number of accounts with "Module Administrator" privileges. Since no vendor patch or official mitigation is available and the vendor did not respond, it is recommended to disable or restrict the remote upload feature if possible. Network-level controls such as egress firewall rules that block the web server from reaching internal services can help prevent SSRF exploitation. Ultimately, consider replacing the affected component or upgrading to a non-vulnerable version once available. Monitoring for suspicious activity and applying strict access controls are critical immediate steps. [3, 1, 2]