Login Sign Up

CVE-2025-0480

4.3 MEDIUM
SSRF

📋 TL;DR

This CVE-2025-0480 vulnerability in wuzhicms 4.1.0 allows attackers to perform server-side request forgery (SSRF) by manipulating sphinxhost/sphinxport parameters in the search admin configuration. Attackers can potentially access internal services or make unauthorized requests from the server. Only wuzhicms 4.1.0 installations with the search module enabled are affected.

💻 Affected Systems

Products:
  • wuzhicms
Versions: 4.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires search module to be enabled and admin access to the configuration interface.

📦 What is this software?

Wuzhicms by Wuzhicms

View all CVEs affecting Wuzhicms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access internal services, sensitive data, or use the server as a proxy for attacks against other internal systems.

🟠

Likely Case

Information disclosure from internal services, limited internal network scanning, or denial of service against internal systems.

🟢

If Mitigated

Minimal impact if network segmentation restricts internal access and input validation is implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin access to the search configuration interface. Public disclosure includes technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Disable search module

all

Remove or disable the vulnerable search module to prevent exploitation.

Disable via admin panel or remove coreframe/app/search directory

Input validation

all

Add validation for sphinxhost/sphinxport parameters to restrict allowed values.

Modify coreframe/app/search/admin/config.php to validate host/port inputs

🧯 If You Can't Patch

  • Restrict admin access to trusted IP addresses only
  • Implement network segmentation to limit server's access to internal services

🔍 How to Verify

Check if Vulnerable:

Check if running wuzhicms 4.1.0 with search module enabled. Review admin access logs for suspicious configuration changes.

Check Version:

Check wuzhicms version in admin panel or read version.txt in installation directory

Verify Fix Applied:

Verify search module is disabled or input validation is implemented. Test SSRF attempts should fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin configuration changes to search settings
  • Requests to internal services from the wuzhicms server

Network Indicators:

  • Outbound connections from wuzhicms server to unexpected internal services

SIEM Query:

source="wuzhicms" AND (event="config_change" OR event="admin_action") AND (parameter="sphinxhost" OR parameter="sphinxport")

📊 Metadata

CVE ID: CVE-2025-0480
CVSS v3 Score: 4.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-918
EPSS Score: 0.09% exploit probability (26.5th percentile)
Published: January 15, 2025
Last Updated: May 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-0480, you might also want to check these:

CVE-2023-3432 10.0

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PlantUML versions prior to ...

Same vulnerability type (CWE-918)
CVE-2025-2828 10.0

This Server-Side Request Forgery (SSRF) vulnerability in langchain-community's RequestsToolkit allow...

Same vulnerability type (CWE-918)
CVE-2023-43654 10.0

TorchServe versions 0.1.0 to 0.8.1 have a critical vulnerability where the default configuration lac...

Same vulnerability type (CWE-918)