CVE-2025-10395

4.7 MEDIUM

📋 TL;DR

This vulnerability in Magicblack MacCMS 2025.1000.4050 allows remote attackers to perform server-side request forgery (SSRF) by manipulating the 'cjurl' argument in the 'col_url' function of the Scheduled Task Handler. It enables unauthorized requests from the server to internal or external systems, potentially exposing sensitive data or facilitating further attacks. Users running the affected version are at risk.

💻 Affected Systems

Products:
  • Magicblack MacCMS
Versions: 2025.1000.4050
Operating Systems: Any OS running the software
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the default configuration of the Scheduled Task Handler component; no special settings are required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Exploitation could lead to data exfiltration, internal network reconnaissance, or chaining with other vulnerabilities to achieve remote code execution or compromise critical systems.

🟠 Likely Case

Attackers may abuse this to scan internal networks, access restricted web services, or trigger denial-of-service conditions by overloading server resources.

🟢 If Mitigated

With proper network segmentation and input validation, impact is limited to minor information disclosure or reduced functionality.

🌐 Internet-Facing: HIGH, as the vulnerability can be exploited remotely without authentication, making internet-facing instances prime targets.
🏢 Internal Only: MEDIUM, as internal attackers could still exploit it for lateral movement or data access, but requires initial network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward as it involves manipulating a URL parameter, but no public proof-of-concept code has been identified yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for updates beyond 2025.1000.4050

Vendor Advisory: Not provided in references; monitor official Magicblack channels.

Restart Required: No

Instructions:

1. Contact Magicblack for the latest patched version.
2. Backup your current installation.
3. Apply the update according to vendor instructions.
4. Test functionality post-update.

🔧 Temporary Workarounds

Disable Scheduled Task Handler

all

Temporarily disable the vulnerable component to prevent exploitation.

Consult MacCMS documentation to disable or restrict access to the Scheduled Task Handler.

Input Validation Filter

all

Implement server-side filtering to block malicious URL inputs in the 'cjurl' parameter.

Add validation rules in the application code to allow only trusted URLs or block internal IP ranges.
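
One way to implement such a validation rule, shown as an added example that is not MacCMS code and does not come from the vendor: it checks a 'cjurl' value before the server fetches it, assuming PHP 7.4+ with the curl extension. The names check_cjurl, fetch_cjurl, is_public_ip and CJURL_ALLOWED_HOSTS are hypothetical.

```php
<?php
// Added example, not MacCMS code. Function names and the allowlist are hypothetical.
// Optional allowlist of collection hosts; empty means rely on the IP check alone.
const CJURL_ALLOWED_HOSTS = [];

function is_public_ip(string $ip): bool {
    // False for private and reserved ranges (RFC 1918, loopback, link-local, ...).
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// Returns ['host', 'port', 'ip'] for an acceptable URL, or null when refused.
// $resolver maps a hostname to a list of IP strings (default: IPv4, system resolver).
function check_cjurl(string $url, ?callable $resolver = null): ?array {
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) return null;
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') return null;  // web schemes only
    if (isset($p['user']) || isset($p['pass'])) return null;     // no embedded credentials
    $host = strtolower($p['host']);
    if (CJURL_ALLOWED_HOSTS && !in_array($host, CJURL_ALLOWED_HOSTS, true)) return null;
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];                                          // IP literal
    } else {
        $resolver = $resolver ?? fn(string $h): array => gethostbynamel($h) ?: [];
        $ips = $resolver($host);
    }
    // Judge the resolved addresses, not the hostname string; every one must be public.
    if (!$ips) return null;
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) return null;
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    return ['host' => $host, 'port' => $port, 'ip' => $ips[0]];
}

// Fetch with the connection pinned to the address that passed the check.
function fetch_cjurl(string $url): ?string {
    $t = check_cjurl($url);
    if ($t === null) return null;
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RESOLVE        => ["{$t['host']}:{$t['port']}:{$t['ip']}"],
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,  // a redirect would bypass the check
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $body = curl_exec($ch);
    return $body === false ? null : $body;
}
```

The default resolver is IPv4-only, so bracketed IPv6 literals and hosts without an A record are refused. The filter flags cover the ranges PHP documents as private and reserved; add explicit CIDR checks for any other internal ranges in use.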

🧯 If You Can't Patch

  • Implement network segmentation to restrict outbound requests from the server to only necessary services.
  • Deploy a web application firewall (WAF) with rules to detect and block SSRF attempts targeting the 'cjurl' parameter.

🔍 How to Verify

Check if Vulnerable:

Review the application code for the 'col_url' function in the Scheduled Task Handler and check whether the installed version is 2025.1000.4050.

Check Version:

Check the MacCMS admin panel or configuration files for the installed version number.

Verify Fix Applied:

After patching, test by attempting to exploit the vulnerability with controlled payloads; ensure no unauthorized requests are made.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the server, especially to internal IPs or unexpected domains, logged in application or server logs.

Network Indicators:

  • Suspicious traffic patterns such as repeated requests to non-standard ports or internal addresses originating from the server.

SIEM Query:

Example: 'source="macms_logs" AND (url_parameter="cjurl" AND destination_ip IN [internal_ranges])'
