CVE-2025-10410

6.3 MEDIUM

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in SourceCodester Link Status Checker 1.0 where manipulation of the 'proxy' parameter in index.php allows attackers to make unauthorized requests from the vulnerable server. The vulnerability affects all installations of Link Status Checker 1.0 and can be exploited remotely without authentication.

💻 Affected Systems

Products:
  • SourceCodester Link Status Checker
Versions: 1.0
Operating Systems: All operating systems running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.0 are vulnerable. The vulnerability is in the core application code.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could use the vulnerable server as a proxy to scan internal networks, access internal services, or perform data exfiltration from systems reachable by the server.

🟠 Likely Case

Attackers will use the vulnerability to scan internal networks, access metadata services (like AWS/Azure instance metadata), or perform port scanning of internal systems.

🟢 If Mitigated

With proper network segmentation and egress filtering, the impact is limited to the server itself and directly adjacent systems.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication on internet-facing installations.
🏢 Internal Only: MEDIUM - Internal systems could still be targeted by authenticated users or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exploit is available on GitHub. Exploitation requires only HTTP requests to the vulnerable parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

No official patch is available. Remove or disable the application until a fix is released.

🔧 Temporary Workarounds

Input Validation and Filtering (PHP)

Implement strict input validation on the proxy parameter to only allow expected values or disable the parameter entirely.

Modify index.php to validate the proxy parameter before it is used, with $allowed_hosts defined beforehand as an explicit allowlist of the proxy hostnames this deployment is permitted to use: if(!filter_var($proxy, FILTER_VALIDATE_URL) || !in_array(parse_url($proxy, PHP_URL_HOST), $allowed_hosts)) { die('Invalid proxy'); }
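The one-line check above is the right idea; the following is an added example of a fuller validator built on it, written for this advisory and not code from the SourceCodester project. It assumes the application reads the parameter from $_GET (the superglobal is an assumption) and that ALLOWED_PROXY_HOSTS is a per-deployment allowlist; the hostnames and sample inputs below are constructed.

```php
<?php
// Added example for this advisory, not code from the SourceCodester project.
// Validator for the 'proxy' parameter of index.php. Assumptions: the app reads
// the parameter from $_GET, and ALLOWED_PROXY_HOSTS is a per-deployment
// allowlist (the values below are constructed samples).

declare(strict_types=1);

// Exact hostnames of proxies this deployment may use. Keep the list short and
// under your control; never populate it from user input.
const ALLOWED_PROXY_HOSTS = ['proxy.corp.example', 'proxy2.corp.example'];

// True when $ip is loopback, private (RFC 1918 / fc00::/7), link-local
// (169.254.0.0/16, which includes cloud metadata endpoints, and fe80::/10)
// or otherwise reserved. Anything that is not an IP literal is treated as unsafe.
function is_internal_ip(string $ip): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return true;
    }
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) === false;
}

// Returns null when $candidate is an acceptable proxy URL, otherwise a short
// reason for the server log (do not echo it back to the client).
function validate_proxy_url(string $candidate): ?string
{
    if (strlen($candidate) > 2048 || filter_var($candidate, FILTER_VALIDATE_URL) === false) {
        return 'not a well-formed URL';
    }
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return 'missing scheme or host';
    }
    // Only HTTP(S) proxies; this rejects file://, ftp:// and any other scheme.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return 'scheme not allowed';
    }
    // user:pass@host forms are a classic way to confuse host checks.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return 'credentials in URL not allowed';
    }
    // Normalise: lower-case, drop a trailing dot, strip IPv6 brackets.
    $host = trim(strtolower(rtrim($parts['host'], '.')), '[]');
    if (filter_var($host, FILTER_VALIDATE_IP) !== false && is_internal_ip($host)) {
        return 'internal address';
    }
    if (!in_array($host, ALLOWED_PROXY_HOSTS, true)) {
        return 'host not in allowlist';
    }
    return null;
}

// Gate to call at the top of index.php before the proxy value is used.
// Returns the validated URL, or '' when the parameter is absent.
function require_valid_proxy(array $request): string
{
    $candidate = (string) ($request['proxy'] ?? '');
    if ($candidate === '') {
        return '';
    }
    $reason = validate_proxy_url($candidate);
    if ($reason !== null) {
        error_log('index.php: rejected proxy parameter (' . $reason . ')');
        http_response_code(400);
        exit('Invalid proxy');
    }
    return $candidate;
}

// In index.php (assumed to read $_GET['proxy']): $proxy = require_valid_proxy($_GET);

// Self-check when run from the command line, on constructed inputs.
if (PHP_SAPI === 'cli') {
    $samples = [
        'http://proxy.corp.example:3128',
        'http://169.254.169.254/',
        'http://[::1]:8080',
        'file:///etc/passwd',
        'http://user@proxy.corp.example',
        'http://localhost:3128',
    ];
    foreach ($samples as $s) {
        printf("%-40s %s\n", $s, validate_proxy_url($s) ?? 'accepted');
    }
}
```

Two points that the validator alone does not cover: the HTTP client that later uses the proxy should not follow redirects (for cURL, leave CURLOPT_FOLLOWLOCATION off) and should have a short timeout, otherwise an allowlisted host can still bounce the request to an internal service; and if the allowlist contains hostnames rather than IP literals, the DNS records for those names must be under your control, since this check does not resolve them.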

Web Application Firewall Rules (all platforms)

Implement WAF rules to block requests containing suspicious proxy parameters or SSRF patterns.

WAF rule to block: Contains 'proxy=' with internal IP patterns or localhost references. Match against the URL-decoded query string, since the value normally arrives percent-encoded (for example http%3A%2F%2F127.0.0.1), and cover the whole of 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 and ::1, not only literal 127.0.0.1 and 'localhost'.

🧯 If You Can't Patch

  • Remove the application from production systems immediately
  • Implement network segmentation to restrict the server's outbound connections to only necessary services

🔍 How to Verify

Check if Vulnerable:

Test by sending a request to index.php with proxy parameter pointing to a controlled server (e.g., http://attacker.com/test) and check if the server makes the request.

Check Version:

Check the application files for version information or review the source code for version markers.

Verify Fix Applied:

Attempt the same SSRF test after implementing workarounds - the server should not make external requests.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the server, especially to internal IP ranges or metadata services
  • Requests to index.php with proxy parameter containing unusual URLs

Network Indicators:

  • Unexpected outbound HTTP traffic from the server to internal networks or external services

SIEM Query:

source="web_server_logs" AND uri="*index.php*" AND query="*proxy=*" AND (dst_ip="169.254.169.254" OR dst_ip="10.*" OR dst_ip="192.168.*" OR dst_ip="172.16.*")

Two caveats when adapting this query: the pattern 172.16.* covers only 172.16.0.0/16, while the private range 172.16.0.0/12 runs from 172.16.0.0 to 172.31.255.255, so widen the match (172.16.* through 172.31.*, or a CIDR match if the SIEM supports one); and a web server's access log records the client's request, not the server's own outbound connection, so a dst_ip field has to come from egress firewall or proxy logs correlated in time with the index.php request. Matching the URL-decoded proxy= value against the same address patterns works on the access log alone.
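The WAF rule and the SIEM query above both reduce to the same check: is the proxy parameter of an index.php request pointing at an internal, loopback, link-local or metadata address? The script below is an added example, not part of the advisory or the SourceCodester project, that applies that check to access-log lines. The log lines are constructed samples in combined log format, the hostnames and client addresses are made up, and the CIDR list mirrors the SIEM query with 172.16.0.0/12 covered in full.

```php
<?php
// Added example for this advisory, not code from the SourceCodester project.
// Flags requests to index.php whose 'proxy' parameter points at a loopback,
// private, link-local or cloud-metadata address. The log lines at the bottom
// are constructed samples; the CIDR list mirrors the advisory's SIEM query.

declare(strict_types=1);

// Address ranges the proxy feature must never be pointed at.
const BLOCKED_CIDRS = [
    '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
    '169.254.0.0/16', // link-local, includes the 169.254.169.254 metadata endpoint
    '0.0.0.0/8',
];
// Hostnames that reach the local machine or a metadata service (extend per provider).
const BLOCKED_HOSTNAMES = ['localhost', 'metadata.google.internal'];

function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $mask = (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

// Pulls the decoded proxy= value out of a combined-format log line, or null
// when the line is not an index.php request carrying that parameter.
function extract_proxy_param(string $logLine): ?string
{
    if (!preg_match('#"[A-Z]+ (\S+) HTTP/\d\.\d"#', $logLine, $m)) {
        return null;
    }
    $path = (string) (parse_url($m[1], PHP_URL_PATH) ?? '');
    if (basename($path) !== 'index.php') {
        return null;
    }
    // parse_str percent-decodes, so http%3A%2F%2F... becomes http://...
    parse_str((string) (parse_url($m[1], PHP_URL_QUERY) ?? ''), $query);
    return isset($query['proxy']) ? (string) $query['proxy'] : null;
}

// Returns why the proxy target is suspicious, or null when it looks external.
function classify_proxy_target(string $proxyUrl): ?string
{
    $host = parse_url($proxyUrl, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        // Bare "host:port" rather than a full URL.
        $host = explode(':', $proxyUrl)[0];
    }
    $host = strtolower(trim($host, '[]'));
    if (in_array($host, BLOCKED_HOSTNAMES, true)) {
        return "blocked hostname $host";
    }
    if ($host === '::1') {
        return 'IPv6 loopback';
    }
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        foreach (BLOCKED_CIDRS as $cidr) {
            if (ip_in_cidr($host, $cidr)) {
                return "internal address $host in $cidr";
            }
        }
    }
    return null;
}

// Maps 1-based line numbers to reasons for every suspicious request.
function scan_access_log(array $lines): array
{
    $hits = [];
    foreach ($lines as $i => $line) {
        $proxy = extract_proxy_param($line);
        if ($proxy === null) {
            continue;
        }
        $reason = classify_proxy_target($proxy);
        if ($reason !== null) {
            $hits[$i + 1] = $reason;
        }
    }
    return $hits;
}

// Constructed sample log lines (not real traffic).
$sampleLog = [
    '203.0.113.5 - - [12/Sep/2025:10:00:01 +0000] "GET /index.php?proxy=http%3A%2F%2Fproxy.corp.example%3A3128 HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Sep/2025:10:00:02 +0000] "GET /index.php?proxy=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Sep/2025:10:00:03 +0000] "GET /index.php?proxy=http%3A%2F%2F172.31.0.10%3A8080 HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Sep/2025:10:00:04 +0000] "GET /index.php?proxy=localhost%3A8080 HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Sep/2025:10:00:05 +0000] "GET /about.php HTTP/1.1" 200 128',
];

foreach (scan_access_log($sampleLog) as $n => $reason) {
    echo "line $n: $reason\n";
}
```

Run from the command line this reports lines 2, 3 and 4 and stays silent on the allowlisted proxy in line 1 and the unrelated request in line 5. The classifier works purely on the literal value in the request; it does not resolve hostnames, so a DNS name pointing at an internal address will only be caught by the egress-side monitoring the advisory also calls for.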

🔗 References
