CVE-2025-13789

6.3 MEDIUM

📋 TL;DR

This CVE describes a server-side request forgery (SSRF) vulnerability in ZenTao's AI module. An attacker who can reach the makeRequest function in module/ai/model.php can make the ZenTao server issue attacker-chosen HTTP requests to internal or external hosts, including addresses the attacker cannot reach directly. All ZenTao installations up to build 21.7.6-8564 are affected.

💻 Affected Systems

Products:
  • ZenTao
Versions: Up to 21.7.6-8564
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the AI module to be enabled/accessible.

📦 What is this software?

ZenTao is a PHP-based project management and ALM application (product, project, test and bug management) available in open-source and commercial editions. The vulnerable code is in its optional AI module, under module/ai/ in the installation tree.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could pivot to internal systems, access cloud metadata services, perform port scanning, or exfiltrate sensitive data from internal services.

🟠

Likely Case

Unauthorized access to internal HTTP services, potential data leakage from internal APIs, or abuse of the server as a proxy for malicious requests.

🟢

If Mitigated

Limited impact when the ZenTao host is segmented from sensitive internal services, outbound connections from the web server user are restricted by egress filtering, and a web application firewall rejects request parameters that carry internal, loopback or cloud-metadata URLs (a WAF inspects inbound requests; it cannot itself block the server's outbound traffic).

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available in GitHub issues. Exploitation requires some level of access to the vulnerable AI-module endpoint; it is not an unauthenticated attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not clearly identified. The affected range extends through build 21.7.6-8564, so version 21.7.6 by itself cannot be assumed fixed; upgrade to a build later than 21.7.6-8564 and confirm the fixed build with the vendor.

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Back up your ZenTao installation and database
2. Download a ZenTao build later than 21.7.6-8564 from official sources (confirm with the vendor which build contains the fix)
3. Follow the ZenTao upgrade documentation for your deployment method
4. Verify the upgrade completed successfully and that the version shown in the admin panel is later than 21.7.6-8564

🔧 Temporary Workarounds

Disable AI Module

all

Temporarily disable the AI module in ZenTao, or deny the URLs that dispatch to it at the web server. Requests reach the module through ZenTao's router rather than through the source path, so block the router's URL forms (index.php?m=ai and /ai-<method>.html), not /module/ai/.

# Disable the AI module in ZenTao's configuration or admin settings
# Or deny the router URLs that dispatch to the ai module (index.php?m=ai and /ai-*.html)
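The web server rule above written out as an nginx fragment. This is an added example, not part of this advisory or of ZenTao's shipped configuration; it assumes ZenTao is served from the site root and dispatches either as index.php?m=<module>&f=<method> (GET mode) or as /<module>-<method>.html (PATH_INFO mode), so the two location patterns are assumptions to adjust for your deployment:

```nginx
# Added example: two deny rules to drop into the existing nginx server block that
# fronts ZenTao. Assumptions: site served from /, and ZenTao's two URL forms,
# index.php?m=ai&f=<method> (GET mode) and /ai-<method>.html (PATH_INFO mode).

# PATH_INFO mode: /ai-<method>.html (case-insensitive so mixed-case variants match too)
location ~* ^/ai-[^/]*\.html$ {
    return 403;
}

# GET mode: index.php?m=ai&f=<method>. The check goes inside the location that
# already handles index.php, before it hands the request to PHP-FPM.
location = /index.php {
    if ($arg_m ~* "^ai$") {
        return 403;
    }
    # ... your existing fastcgi_param / fastcgi_pass lines stay here ...
}
```

Test the rules against both URL forms after reloading nginx, and keep them in place until the upgraded build is verified; a deny at the web server does nothing for requests that reach PHP through another path (for example a second vhost or a direct PHP-FPM listener).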

Network Egress Filtering

linux

Implement outbound firewall rules that restrict the connections the web server user can initiate to internal networks and the cloud metadata address. Filter by destination address rather than by port 80/443 alone: an SSRF can target any port, and a blanket port-80/443 DROP cuts off the whole host (updates, the legitimate AI provider) while leaving other ports reachable.

# Example iptables rules (adjust www-data to your PHP/web server user): drop outbound
# connections from that user to RFC1918 ranges and the cloud metadata address.
# Insert a matching ACCEPT for your approved AI provider before these rules.
for net in 169.254.169.254 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
  iptables -A OUTPUT -m owner --uid-owner www-data -d "$net" -j DROP
done

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ZenTao from internal services
  • Deploy a web application firewall with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check the ZenTao version in the admin panel or in the VERSION file in the installation directory. If the version or build is 21.7.6-8564 or earlier, the system is vulnerable.

Check Version:

Check the ZenTao web interface admin panel or examine the VERSION file in the installation directory.

Verify Fix Applied:

Verify that the ZenTao version is a build later than 21.7.6-8564 (the build the vendor identifies as fixed). In a test environment, confirm that pointing the AI module at an internal address such as 127.0.0.1 or 169.254.169.254 is rejected rather than fetched, and that the module still works against its legitimate provider endpoint.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from web server process
  • Requests to internal IP addresses or cloud metadata endpoints from web application
  • Multiple failed connection attempts to various ports from web server

Network Indicators:

  • Web server making unexpected HTTP requests to internal networks
  • Traffic to cloud metadata services (169.254.169.254, etc.) from web server

SIEM Query:

source="egress_proxy_logs" src_ip IN zentao_hosts AND (dest_ip IN private_ranges OR dest_ip IN loopback_range OR dest_ip="169.254.169.254")

Web server access logs record inbound requests only; the outbound side has to come from an egress proxy, host firewall or flow logs, with the ZenTao host as the source. Only filter on a User-Agent string after confirming what ZenTao's AI client actually sends.
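The log indicators above turned into a small detector run over constructed egress-proxy log lines. This is an added example, not part of this advisory or of ZenTao; the log format, the ZenTao host address 10.20.0.15 and the port-scan threshold are assumptions, and the sample lines are constructed for the example:

```python
"""Added example (not part of the advisory or of ZenTao): flag SSRF-style egress
from the ZenTao host using egress-proxy or host-firewall log lines.
The log format, host addresses and threshold below are assumptions."""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample log: one line per outbound connection attempt.
# Fields: timestamp src_ip dest_ip dest_port result
SAMPLE_LOG = """\
2025-11-03T10:00:01Z 10.20.0.15 104.18.2.1 443 OK
2025-11-03T10:00:05Z 10.20.0.15 169.254.169.254 80 OK
2025-11-03T10:00:07Z 10.20.0.15 10.20.0.5 22 REFUSED
2025-11-03T10:00:08Z 10.20.0.15 10.20.0.5 3306 REFUSED
2025-11-03T10:00:09Z 10.20.0.15 10.20.0.5 6379 REFUSED
2025-11-03T10:00:10Z 10.20.0.15 10.20.0.5 8080 OK
2025-11-03T10:00:12Z 10.20.0.15 127.0.0.1 9000 OK
2025-11-03T10:00:20Z 10.20.0.16 10.20.0.5 443 OK
"""

ZENTAO_HOSTS = {"10.20.0.15"}        # assumption: address of the ZenTao web server
METADATA_ADDRS = {"169.254.169.254"}  # IMDS address used by AWS, GCP, Azure, OpenStack
PORT_SCAN_THRESHOLD = 3               # distinct ports to one target before alerting

Finding = Tuple[str, str, int, str]   # (timestamp, dest_ip, dest_port, label)


def classify_dest(dest_ip: str) -> Optional[str]:
    """Label a destination an SSRF is typically aimed at, else None.
    Order matters: 169.254.0.0/16 and 127.0.0.0/8 also count as 'private' in
    ipaddress, so the more specific labels are tested first."""
    if dest_ip in METADATA_ADDRS:
        return "cloud-metadata"
    ip = ipaddress.ip_address(dest_ip)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private-range"
    return None


def parse_line(line: str) -> dict:
    ts, src, dst, port, result = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "result": result}


def detect(log_text: str, zentao_hosts=ZENTAO_HOSTS) -> Tuple[List[Finding], Dict[str, List[int]]]:
    """Return (findings, scan_alerts).

    findings: every connection from a ZenTao host to an internal/metadata target,
              successful or not (a refused connection is still a probe)
    scan_alerts: targets that saw >= PORT_SCAN_THRESHOLD distinct ports, mapped to
              the sorted port list (the 'failed attempts to various ports' indicator)
    """
    findings: List[Finding] = []
    ports_per_dest: Dict[str, set] = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["src"] not in zentao_hosts:
            continue                      # other hosts are out of scope for this rule
        label = classify_dest(ev["dst"])
        if label is None:
            continue                      # ordinary egress, e.g. the real AI provider
        findings.append((ev["ts"], ev["dst"], ev["port"], label))
        ports_per_dest[ev["dst"]].add(ev["port"])
    scan_alerts = {dst: sorted(p) for dst, p in ports_per_dest.items()
                   if len(p) >= PORT_SCAN_THRESHOLD}
    return findings, scan_alerts


if __name__ == "__main__":
    hits, scans = detect(SAMPLE_LOG)
    for ts, dst, port, label in hits:
        print(f"{ts} ZenTao -> {dst}:{port} [{label}]")
    for dst, ports in scans.items():
        print(f"possible port scan of {dst} via SSRF: ports {ports}")
```

On the sample, the public destination on the first line is ignored, the metadata, loopback and four private-range connections are reported, and 10.20.0.5 is flagged as a probable port scan because four distinct ports were tried in a few seconds. Refused connections are kept on purpose: for an SSRF the attempt is the indicator, not the outcome.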

🔗 References
