CVE-2025-10787
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10787
EUVD
EUVD-2025-30402
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
muyucms muyucms 2.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-10787 is a server-side request forgery (SSRF) vulnerability in MuYuCMS versions up to 2.7, specifically in the "Add Fiend Link" handler located in /index/index.html. It occurs because the application improperly validates the "Link URL" argument, allowing an attacker to manipulate this parameter to make the server send unauthorized requests to arbitrary destinations. This can be exploited remotely and easily, enabling attackers to potentially access internal systems or resources that the server can reach. [1]

Impact Analysis

This vulnerability can impact confidentiality, integrity, and availability of the affected system. An attacker exploiting this SSRF flaw can make the server perform unauthorized requests, potentially accessing sensitive internal resources, causing data leaks, or disrupting services. Since the exploit is publicly available and easy to launch remotely, it poses a moderate risk to affected systems. [1]

Detection Guidance

This vulnerability can be detected by identifying the presence of the vulnerable MuYuCMS version up to 2.7, specifically by checking for the existence of the /index/index.html page with the 'Add Fiend Link' handler. One method is to use Google dorking with the query "inurl:index/index.html" to find potentially vulnerable targets. Additionally, monitoring HTTP requests for manipulation of the 'Link URL' parameter that triggers server-side requests to arbitrary destinations can help detect exploitation attempts. Specific commands are not provided, but using web scanning tools or curl to test the /index/index.html endpoint with crafted 'Link URL' parameters may help detect the vulnerability. [1]

Mitigation Strategies

No known countermeasures or mitigations are currently available for this vulnerability. It is suggested to replace the affected component or product (MuYuCMS up to version 2.7) to mitigate the risk. Until a patch or fix is released, restricting access to the vulnerable endpoint and monitoring for suspicious activity may help reduce exposure. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10787. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart