CVE-2025-13174

CVSS: 6.3 MEDIUM

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Webhook module of WeRSS we-mp-rss. An attacker who can set the web_hook_url parameter makes the server issue requests to destinations of the attacker's choosing, including internal systems that are not reachable from outside. Organizations running rachelos WeRSS we-mp-rss up to version 1.4.7 are affected.

💻 Affected Systems

Products:
  • rachelos WeRSS we-mp-rss
Versions: up to 1.4.7
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the Webhook module; it is reachable once the module is enabled and a webhook is configured. No default setting prevents it, hence "Yes" above.

⚠️ Manual Verification Required

The text description names "up to 1.4.7", but the entry carries no structured version range (no CPE or version configuration from the vendor or NVD), so automatic vulnerability detection cannot confirm whether a given installation is affected.

Why? Automated matching works from the machine-readable version ranges in the database, and none have been published for this CVE.


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could reach internal services (including cloud metadata endpoints), exfiltrate sensitive data, or pivot to other systems within the network.

🟠 Likely Case

Unauthorized requests to internal services, potential data leakage, and reconnaissance of internal infrastructure (port and host discovery from the server's network position).

🟢 If Mitigated

Limited impact with egress restrictions and web_hook_url validation in place: the server can only contact the destinations it is meant to.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available, but the attacker must be able to set the web_hook_url value, i.e. must have access to the Webhook configuration; this is not an unauthenticated attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: unknown

Vendor Advisory: unknown

Restart Required: No

Instructions:

No official patch available; monitor vendor for updates and apply workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

Accept only URLs whose host is on an operator-maintained allowlist of webhook endpoints, restrict the scheme to http(s), reject credentials in the URL authority, and refuse any URL whose host resolves to a loopback, private (RFC 1918), link-local (including the 169.254.169.254 cloud metadata address) or otherwise non-routable address. Re-check the resolved address at connection time and do not follow redirects blindly, or the check can be bypassed with DNS rebinding or an open redirect.
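One way to implement that check, as an added example rather than code from we-mp-rss: the only name taken from the CVE is the parameter web_hook_url; the allowlist, the injectable resolver and every hostname and address are assumptions or constructed. It rejects disallowed schemes, userinfo tricks, hosts outside the allowlist, and any host whose addresses (literal or resolved) fall in an explicit denylist of internal ranges, including IPv4-mapped IPv6 forms, and returns the resolved addresses so the caller can connect to exactly what was checked.

```python
# Hypothetical SSRF guard for the web_hook_url setting; added example, not we-mp-rss code.
# Allowlist, resolver injection and every host/IP below are assumptions or constructed.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https", "http"}

# Explicit operator policy rather than ipaddress.is_private (whose meaning has shifted
# between Python versions) so the decision is deterministic. Extend as needed.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",  # link-local, includes the 169.254.169.254 cloud metadata address
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


class WebhookUrlError(ValueError):
    """The candidate web_hook_url must not be stored or called."""


def is_internal(ip):
    """True if ip falls in BLOCKED_NETWORKS, after unwrapping IPv4-mapped IPv6."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must count as 127.0.0.1
    return any(ip in net for net in BLOCKED_NETWORKS)


def validate_webhook_url(url, allowed_hosts, resolver=socket.getaddrinfo):
    """Return (host, port, pinned IPs) for an acceptable URL; raise WebhookUrlError otherwise.

    allowed_hosts: operator-maintained set of lower-case hostnames or IP literals.
    resolver: getaddrinfo-compatible callable, injectable so the check is testable offline.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise WebhookUrlError(f"scheme not allowed: {scheme!r}")
    if parts.username is not None or parts.password is not None:
        # "https://hooks.example.com@127.0.0.1/" has hostname 127.0.0.1, not the allowlisted name
        raise WebhookUrlError("credentials in the URL authority are not allowed")
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        raise WebhookUrlError("URL has no host")
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError as exc:  # non-numeric or out-of-range port
        raise WebhookUrlError("invalid port") from exc
    if host not in allowed_hosts:
        raise WebhookUrlError(f"host not in allowlist: {host!r}")
    # Resolve now and inspect every answer: an allowlisted name that resolves to an
    # internal address (misconfiguration or DNS tampering) is still rejected.
    try:
        addrs = {ipaddress.ip_address(host)}  # IP literal, including bracketed IPv6
    except ValueError:
        try:
            infos = resolver(host, port, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            raise WebhookUrlError(f"cannot resolve {host!r}") from exc
        addrs = {ipaddress.ip_address(info[4][0]) for info in infos}
    bad = sorted(str(a) for a in addrs if is_internal(a))
    if bad or not addrs:
        raise WebhookUrlError(f"{host!r} resolves to internal or no address: {', '.join(bad)}")
    return host, port, sorted(addrs, key=str)


def is_safe_webhook_url(url, allowed_hosts, resolver=socket.getaddrinfo):
    """Accept/reject wrapper around validate_webhook_url."""
    try:
        validate_webhook_url(url, allowed_hosts, resolver)
        return True
    except WebhookUrlError:
        return False


def fake_resolver(host, port, proto=None):
    """getaddrinfo stand-in with constructed answers so the demo runs offline."""
    table = {
        "hooks.example.com": ["203.0.113.10"],  # documentation range standing in for a public IP
        "rebind.example.net": ["203.0.113.20", "10.0.0.5"],  # one public and one internal answer
        "localhost": ["127.0.0.1", "::1"],
    }
    if host not in table:
        raise socket.gaierror(-2, f"constructed: unknown host {host}")
    return [(None, None, None, "", (a, port)) for a in table[host]]


if __name__ == "__main__":
    # Deliberately permissive allowlist: it is the address check that stops these.
    allowlist = {"hooks.example.com", "rebind.example.net", "localhost", "169.254.169.254", "::ffff:127.0.0.1"}
    for candidate in ("https://hooks.example.com/notify", "https://hooks.example.com@127.0.0.1/",
                      "http://169.254.169.254/latest/meta-data/", "https://rebind.example.net/hook",
                      "https://[::ffff:127.0.0.1]/", "http://localhost:8000/", "ftp://hooks.example.com/"):
        try:
            print("ACCEPT", candidate, validate_webhook_url(candidate, allowlist, fake_resolver))
        except WebhookUrlError as exc:
            print("REJECT", candidate, "->", exc)
```

The returned address list matters: the HTTP client should connect to one of those pinned addresses (sending the validated name in the Host header and for TLS SNI) rather than resolving the name a second time, otherwise a DNS rebinding attacker can answer the validation lookup with a public address and the connection lookup with an internal one. Redirects should either be disabled or re-validated per hop with the same function.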

Network Segmentation

Platform: all

Restrict outbound traffic from the host running we-mp-rss to the destinations it actually needs (the sources it polls, the allowlisted webhook endpoints and DNS), and explicitly deny egress to RFC 1918 ranges, loopback, link-local and cloud metadata addresses. This bounds what an SSRF can reach even if the URL check is bypassed.

🧯 If You Can't Patch

  • Disable the Webhook module if it is not required; with it off, the vulnerable code path cannot be reached.
  • Add WAF rules that reject web_hook_url values pointing at IP literals, loopback, RFC 1918 or link-local hosts (169.254.169.254 in particular). Treat this as a stopgap only: the payload is a legitimate-looking URL, so alternate encodings, DNS names that resolve internally and redirects get past pattern matching, and egress restrictions remain the real control.

🔍 How to Verify

Check if Vulnerable:

Confirm that the WeRSS we-mp-rss version is 1.4.7 or earlier and that the Webhook module is enabled. Because the entry carries no structured version range, treat any version not known to contain a fix as affected.

Check Version:

Check the software version in the application configuration or via package manager.

Verify Fix Applied:

Submit webhook URLs pointing at loopback, an RFC 1918 address and 169.254.169.254 and confirm that each is rejected; then confirm at the network level (egress firewall or flow logs) that no outbound connection to those destinations is attempted when a webhook fires.

📡 Detection & Monitoring

Log Indicators:

  • Outbound HTTP requests from the server that do not match its normal destinations
  • Requests to loopback, RFC 1918 or link-local addresses (169.254.169.254 above all) or to domains not on the webhook allowlist

Network Indicators:

  • Outbound connections to unusual ports or internal services from the affected server

SIEM Query (template; substitute your own values):

source_ip=<app_server_ip> AND (dest_ip IN (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16) OR NOT dest_port IN (<expected_ports>))

Exclude the destinations the application legitimately contacts (polled sources, allowlisted webhook endpoints, DNS). A hit on 169.254.169.254 from a cloud-hosted instance is the highest-priority indicator, since the metadata service is where an SSRF is typically pointed first.
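The same logic run over sample log lines, as an added example that is not part of the original page or of we-mp-rss: the key=value flow-record format, the host 192.168.50.10 standing in for the application server, and every other address are constructed. Records from other hosts are ignored, known (destination, port) pairs pass, and the remaining flows are classified from most to least severe: metadata endpoint, internal destination, unexpected port, then any destination outside the allowlist.

```python
# Detection logic for SSRF-style egress from the we-mp-rss host; added example, not project code.
# The flow-record format and every address below are constructed, not real firewall or app output.
import ipaddress
import re
from collections import namedtuple

# Ranges an application server has no business reaching on a webhook call.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
)]
METADATA_IP = ipaddress.ip_address("169.254.169.254")  # cloud metadata service, the classic SSRF target

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)
Alert = namedtuple("Alert", "ts dst dport reason")

# Constructed flow records; 192.168.50.10 plays the we-mp-rss host.
SAMPLE_LOG = [
    "2025-11-20T10:01:02Z src=192.168.50.10 dst=203.0.113.10 dport=443 proto=tcp",    # allowlisted webhook
    "2025-11-20T10:01:05Z src=192.168.50.10 dst=169.254.169.254 dport=80 proto=tcp",  # metadata service
    "2025-11-20T10:01:09Z src=192.168.50.10 dst=192.168.50.25 dport=6379 proto=tcp",  # internal Redis
    "2025-11-20T10:01:15Z src=192.168.50.40 dst=192.168.50.25 dport=6379 proto=tcp",  # other host, ignored
    "2025-11-20T10:01:20Z src=192.168.50.10 dst=203.0.113.10 dport=22 proto=tcp",     # known host, odd port
    "2025-11-20T10:01:25Z src=192.168.50.10 dst=198.51.100.7 dport=443 proto=tcp",    # not allowlisted
    "this line is not a flow record",
]


def parse_flow(line):
    """Parse one key=value flow record into a dict, or return None for unparseable input."""
    m = FLOW_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def classify(rec, server_ip, allowed_dsts, allowed_ports):
    """Return why an outbound flow from server_ip is suspicious, or None if it looks legitimate.

    allowed_dsts: set of (ip, port) pairs the server is expected to talk to
    (webhook endpoints, polled sources, DNS); allowed_ports: ports tolerated elsewhere.
    Rules are ordered from most to least severe so the first match is the headline.
    """
    if rec["src"] != server_ip:
        return None
    if (rec["dst"], rec["dport"]) in allowed_dsts:
        return None
    dst = ipaddress.ip_address(rec["dst"])
    if dst == METADATA_IP:
        return "cloud metadata endpoint"
    if any(dst in net for net in INTERNAL_NETWORKS):
        return "internal destination"
    if rec["dport"] not in allowed_ports:
        return f"unexpected port {rec['dport']}"
    return "destination not in webhook allowlist"


def scan(lines, server_ip, allowed_dsts, allowed_ports=frozenset({80, 443})):
    """Run classify over raw log lines and collect Alerts, skipping lines that do not parse."""
    alerts = []
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        reason = classify(rec, server_ip, allowed_dsts, allowed_ports)
        if reason is not None:
            alerts.append(Alert(rec["ts"], rec["dst"], rec["dport"], reason))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG, "192.168.50.10", {("203.0.113.10", 443)}):
        print(f"{alert.ts} {alert.dst}:{alert.dport} -> {alert.reason}")
```

The last rule (any destination outside the allowlist) is the noisy one: for a server that polls many sources it either needs those sources in allowed_dsts or should be demoted to a low-severity signal, while the metadata and internal-destination rules warrant paging on a single hit.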
