CVE-2025-10211
BaseFortify
Publication date: 2025-09-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chancms | chancms | 3.3.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10211 is a server-side request forgery (SSRF) vulnerability in ChanCMS version 3.3.0, specifically in the CollectController function within the /cms/collect/getArticle file. The vulnerability occurs because the taskUrl parameter is not properly validated before being used to fetch content from a URL. This allows an attacker to supply a crafted URL that the server will request, potentially enabling unauthorized access to internal or external resources via the server. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to make the server send unauthorized requests to arbitrary URLs. This can lead to compromise of confidentiality, integrity, and availability of the affected system. An attacker could potentially access internal systems, sensitive data, or cause denial of service. The exploit is easy to perform remotely, and no vendor mitigation is currently available, increasing the risk. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or unauthorized requests to the /cms/collect/getArticle endpoint, especially those containing the taskUrl parameter. Since the vulnerability involves server-side request forgery (SSRF) via the taskUrl argument, inspecting web server logs or application logs for suspicious or unexpected URLs being requested by the server can help identify exploitation attempts. Network monitoring tools can be used to detect outbound requests initiated by the server to unexpected external or internal IP addresses or domains.

Specific commands depend on your environment, but examples include using grep to search logs for 'taskUrl' parameters or using network monitoring tools like tcpdump or Wireshark to capture outbound HTTP requests from the server. For example, on a Linux system, you might run:

1) grep 'taskUrl' /var/log/nginx/access.log
2) tcpdump -i eth0 'tcp port 80 or tcp port 443' -w capture.pcap
3) Analyze capture.pcap with Wireshark to identify suspicious outbound requests.

Additionally, web application firewalls (WAF) or intrusion detection systems (IDS) can be configured to alert on requests to /cms/collect/getArticle with suspicious taskUrl values. [1, 2]
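The log review described above can go one step further than grep by decoding each taskUrl value and flagging the ones that point at loopback or private addresses. This is an added example, not ChanCMS or BaseFortify code; it assumes nginx "combined" access logs and that taskUrl arrives in the query string (a value sent in a request body would not appear in the access log), and the names `classify_target`, `scan` and `SAMPLE_LOG` are hypothetical.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/cms/collect/getArticle"  # path named in the advisory
# Client address and request target from an nginx "combined" log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2025:12:00:01 +0000] "GET /cms/collect/getArticle'
    '?taskUrl=https%3A%2F%2Fexample.com%2Fnews%2F1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Sep/2025:12:00:05 +0000] "GET /cms/collect/getArticle'
    '?taskUrl=http%3A%2F%2F127.0.0.1%3A8080%2Fadmin HTTP/1.1" 200 1024',
    '203.0.113.9 - - [10/Sep/2025:12:00:09 +0000] "GET /cms/collect/getArticle'
    '?taskUrl=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 200 733',
    '198.51.100.4 - - [10/Sep/2025:12:01:00 +0000] "GET /index.html'
    '?taskUrl=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 200 90',
]

def classify_target(task_url):
    """Return why a taskUrl value looks internal, or None if it does not."""
    try:
        host = (urlsplit(task_url).hostname or "").lower()
    except ValueError:
        return "unparseable URL"
    if host == "localhost" or host.endswith(".localhost"):
        return f"internal name {host}"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # DNS name: resolve and compare to an allow-list separately
    if ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified:
        return f"non-public address {ip}"
    return None

def scan(lines):
    """Return (client, taskUrl, reason) for each flagged request to ENDPOINT."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        parts = urlsplit(m.group(2)) if m else None
        if parts is None or parts.path != ENDPOINT:
            continue
        for task_url in parse_qs(parts.query).get("taskUrl", []):  # URL-decoded
            reason = classify_target(task_url)
            if reason:
                findings.append((m.group(1), task_url, reason))
    return findings
```

A hostname that resolves to an internal address passes this check, so it complements the outbound traffic capture rather than replacing it.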
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint /cms/collect/getArticle to trusted users or IP addresses, if possible. Since the vendor has not provided any patch or fix, consider disabling or removing the affected functionality temporarily to prevent exploitation. Implement network-level controls to block outbound requests from the server to untrusted or external destinations to limit the impact of SSRF. Monitoring and alerting on suspicious activity related to this endpoint should be increased. Ultimately, consider replacing the affected ChanCMS 3.3.0 component with an alternative product or a patched version once available, as no vendor mitigation currently exists. [2]