CVE-2024-25187

CVSS Score: 8.6 (HIGH)

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0 that allows remote unauthenticated attackers to make the server send HTTP requests to internal systems. Attackers can potentially access sensitive information from internal services that should not be externally accessible. All users running 71cms v1.0.0 are affected.

💻 Affected Systems

Products:
  • 71cms
Versions: v1.0.0
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the getweather.html endpoint which appears to be accessible by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal metadata services (like AWS/Azure instance metadata), internal APIs, database admin interfaces, or other sensitive internal systems, potentially leading to full system compromise.

🟠 Likely Case

Attackers will scan for and exploit this to access internal services, steal credentials from metadata services, or perform port scanning of internal networks.

🟢 If Mitigated

With proper network segmentation and egress filtering, impact is limited to what the server can reach internally.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub issue shows exploitation details. SSRF vulnerabilities are commonly weaponized due to their utility in internal network reconnaissance and data exfiltration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: unknown

Vendor Advisory: https://github.com/xiaocheng-keji/71cms/issues/2

Restart Required: No

Instructions:

No official patch available. Check the GitHub repository for updates or consider migrating to a different CMS.

🔧 Temporary Workarounds

Block getweather.html endpoint (platform: all)

Use web server configuration to block access to the vulnerable endpoint:

# For Apache (mod_rewrite, .htaccess context; in server/vhost config the pattern needs a leading slash, ^/getweather\.html$):
RewriteRule ^getweather\.html$ - [F]
# For Nginx:
location = /getweather.html { return 403; }

Implement input validation (platform: all)

Add validation in the application code to reject URLs pointing to internal IP ranges (loopback, link-local, RFC 1918 private ranges, and cloud metadata addresses). Apply the check to the addresses the hostname resolves to, not just to IP literals, otherwise a hostname that resolves to an internal address bypasses it.
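The validation workaround above, as an added example that is not part of the original advisory or the 71cms code base: the fetch target is resolved first, every resolved address is checked against an internal-range deny-list (including IPv4-mapped IPv6 forms), and the resolved IP is returned so the caller can connect to it directly instead of re-resolving. The DNS table and hostnames are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Explicit deny-list on top of is_global(), so the intent survives library changes.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "::1/128", "fc00::/7", "fe80::/10")]
# Constructed sample DNS table (hypothetical names) so the example runs offline.
SAMPLE_DNS = {
    "api.weather.example": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "127.0.0.1"],  # one public and one loopback answer
}
def sample_resolver(host):
    """Offline stand-in for the system resolver; unknown names are treated as IP literals."""
    return SAMPLE_DNS.get(host, [host])
def system_resolver(host):
    """Every A/AAAA address the real resolver returns for host."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def validate_outbound_url(url, resolver=system_resolver):
    """Return (host, pinned_ip) if url may be fetched, else raise ValueError. Connect to
    pinned_ip with 'Host: host' instead of re-resolving, so a DNS rebinding cannot swap
    in an internal address between this check and the request."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("missing host or embedded credentials")
    try:
        addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    except (socket.gaierror, ValueError) as exc:
        raise ValueError(f"cannot resolve {parts.hostname!r}: {exc}") from None
    if not addrs:
        raise ValueError(f"no address for {parts.hostname!r}")
    for addr in addrs:  # every answer must be public, not just the first one
        if addr.version == 6 and addr.ipv4_mapped:  # ::ffff:10.0.0.1 -> 10.0.0.1
            addr = addr.ipv4_mapped
        if not addr.is_global or any(addr in net for net in BLOCKED_NETWORKS):
            raise ValueError(f"{parts.hostname!r} resolves to non-public {addr}")
    return parts.hostname, str(addrs[0])

def is_safe_url(url, resolver=system_resolver):
    """Accept/reject wrapper for the endpoint handler."""
    try:
        validate_outbound_url(url, resolver)
        return True
    except ValueError:
        return False
```

Redirects returned by the remote server must go through the same check before being followed, since an HTTP client that follows them automatically re-opens the hole.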

🧯 If You Can't Patch

  • Implement strict network egress filtering to limit what the server can connect to internally
  • Deploy a Web Application Firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Attempt to access /getweather.html with a URL parameter pointing to an internal service (like http://169.254.169.254/latest/meta-data/) and check if the server responds with internal data.

Check Version:

Check the CMS version in the admin panel or configuration files

Verify Fix Applied:

After applying workarounds, test the same SSRF payloads to confirm they no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to getweather.html with URL parameters
  • Outbound connections from the web server to internal IP addresses following getweather.html requests

Network Indicators:

  • Web server making unexpected outbound HTTP requests to internal IP ranges

SIEM Query:

source="web_server_logs" AND uri="/getweather.html" AND query_string="*url=*"
