CVE-2025-64252
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-28

Assigner: Patchstack

Description
Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery.This issue affects ANAC XML Viewer: from n/a through <= 1.8.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64252
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack anac_xml_viewer to 1.8.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-64252 is a Server Side Request Forgery (SSRF) vulnerability in the WordPress ANAC XML Viewer Plugin versions up to and including 1.8.2. It allows a malicious actor to make the affected website send HTTP requests to arbitrary domains controlled by the attacker. This can be used to access sensitive information from other services running on the same system. [1]

Impact Analysis

This vulnerability can allow an attacker to access sensitive information from other services running on the same system as the vulnerable plugin. This could lead to unauthorized data exposure or further attacks within the affected environment. However, exploitation requires contributor or developer privileges, and the severity is considered low with a CVSS score of 4.9. [1]

Detection Guidance

Detection of this SSRF vulnerability involves monitoring for unusual HTTP requests originating from the affected ANAC XML Viewer plugin to arbitrary or attacker-controlled domains. Network administrators can inspect web server logs for unexpected outbound requests or use network monitoring tools to identify suspicious HTTP traffic patterns. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

To mitigate this vulnerability, immediately update the ANAC XML Viewer plugin to version 1.8.3 or later, where the issue is fixed. Additionally, enabling auto-updates for vulnerable plugins can help ensure rapid protection against this and similar vulnerabilities. [1]

Compliance Impact

The provided resources do not specify how this SSRF vulnerability in the ANAC XML Viewer plugin affects compliance with common standards and regulations such as GDPR or HIPAA. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64252. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart