CVE-2025-13588
BaseFortify
Publication date: 2025-11-24
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| streamity | xtream_iptv_player | 2.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the lKinderBueno Streamity Xtream IPTV Player up to version 2.8, specifically in an unknown function within the file public/proxy.php. It allows an attacker to perform server-side request forgery (SSRF) remotely by manipulating this function. SSRF vulnerabilities enable attackers to make the server send unauthorized requests, potentially accessing internal systems or sensitive information. The issue is fixed in version 2.8.1.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a remote attacker to exploit server-side request forgery, which may lead to unauthorized access to internal resources, data leakage, or further attacks within your network. Since the exploit is public, the risk of exploitation is higher if the affected version is used. Upgrading to version 2.8.1 mitigates this risk.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the lKinderBueno Streamity Xtream IPTV Player to version 2.8.1, as this version contains the patch that resolves the server-side request forgery vulnerability.