CVE-2025-10787
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| muyucms | muyucms | 2.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10787 is a server-side request forgery (SSRF) vulnerability in MuYuCMS versions up to 2.7, specifically in the "Add Fiend Link" handler located in /index/index.html. It occurs because the application improperly validates the "Link URL" argument, allowing an attacker to manipulate this parameter to make the server send unauthorized requests to arbitrary destinations. This can be exploited remotely and easily, enabling attackers to potentially access internal systems or resources that the server can reach. [1]
How can this vulnerability impact me?
This vulnerability can impact confidentiality, integrity, and availability of the affected system. An attacker exploiting this SSRF flaw can make the server perform unauthorized requests, potentially accessing sensitive internal resources, causing data leaks, or disrupting services. Since the exploit is publicly available and easy to launch remotely, it poses a moderate risk to affected systems. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying MuYuCMS installations at version 2.7 or earlier, specifically by checking for the existence of the /index/index.html page with the "Add Fiend Link" handler. One method is to use Google dorking with the query "inurl:index/index.html" to find potentially vulnerable targets. Additionally, monitoring HTTP requests for manipulation of the "Link URL" parameter that triggers server-side requests to arbitrary destinations can help detect exploitation attempts. Specific commands are not provided, but using web scanning tools or curl to test the /index/index.html endpoint with crafted "Link URL" parameters may help detect the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations are currently available for this vulnerability. It is suggested to replace the affected component or product (MuYuCMS up to version 2.7) to mitigate the risk. Until a patch or fix is released, restricting access to the vulnerable endpoint and monitoring for suspicious activity may help reduce exposure. [1]
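The destination check that CWE-918 describes as missing can be sketched as follows; this is an added example, not MuYuCMS code and not part of the original page. It is written in Python for illustration, and the function names, the allowed ports and the constructed `SAMPLE_DNS` answers are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {"http": 80, "https": 443}  # assumption: links use default web ports only
# Constructed DNS answers so the example runs offline (not real lookups).
SAMPLE_DNS = {
    "links.example.org": {"93.184.216.34"},
    "intranet.example.org": {"10.0.0.5"},
    "mixed.example.org": {"93.184.216.34", "169.254.169.254"},
}

def system_resolver(host, port):
    """Addresses the server itself would connect to for this host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def sample_resolver(host, port):
    """Offline stand-in: IP literals pass through, names come from SAMPLE_DNS."""
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        return SAMPLE_DNS.get(host, set())

def check_link_url(url, resolver=system_resolver):
    """Return (True, ip_to_connect_to) or (False, reason) for a submitted link URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_PORTS:
        return False, "scheme not allowed"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    if port not in (None, ALLOWED_PORTS[parts.scheme]):
        return False, "port not allowed"
    try:
        addresses = sorted(resolver(parts.hostname, ALLOWED_PORTS[parts.scheme]))
    except OSError:
        addresses = []
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        ip = getattr(ip, "ipv4_mapped", None) or ip    # unwrap ::ffff:a.b.c.d
        if not ip.is_global:  # one internal answer is enough to refuse
            return False, f"non-public address {ip}"
    return True, addresses[0]
```

The server-side fetch should connect to the returned IP rather than resolving the name a second time, and every redirect target should go through the same check before it is followed.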