CVE-2025-14004

4.7 MEDIUM

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in dayrui XunRuiCMS up to version 4.7.1. The flaw allows attackers to make unauthorized requests from the vulnerable server to internal or external systems. Any organization running XunRuiCMS versions up to 4.7.1 with the email component accessible is affected.

💻 Affected Systems

Products:
  • dayrui XunRuiCMS
Versions: Up to and including 4.7.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to the email settings handler component at /admind45f74adbd95.php?c=email&m=add

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, perform port scanning, interact with cloud metadata services, or chain with other vulnerabilities to achieve remote code execution.

🟠 Likely Case

Information disclosure from internal services, scanning of internal networks, or abuse of the server as a proxy for attacks against other systems.

🟢 If Mitigated

Limited impact if network segmentation restricts the vulnerable server's access to sensitive internal resources.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The exploit requires authentication to reach the email settings handler. A public proof-of-concept exists in a GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available; the vendor did not respond to disclosure. Upgrade if a newer version exists, otherwise apply the workarounds below.

🔧 Temporary Workarounds

Restrict access to email handler (Platform: all)

Block access to the vulnerable endpoint using web server configuration or firewall rules. Note that these rules match the whole script, not only the c=email&m=add handler, so anything else served through it is blocked too; if that is not acceptable, allow only trusted administrator addresses instead of denying everyone.

Apache (server or virtual-host context; the leading slash is made optional so the pattern also matches in .htaccess, where the path has no leading slash):
    RewriteEngine On
    RewriteRule ^/?admind45f74adbd95\.php - [F,L]

Nginx (regex locations are tried in order, so this block must appear before the generic "location ~ \.php$" handler or it will never match):
    location ~ /admind45f74adbd95\.php { deny all; }

Input validation and URL filtering (Platform: all)

Implement strict validation of the URL parameters accepted by the email handler: allow only the destinations the feature actually needs and reject everything else, including any URL that points at an internal address.
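The check described above, written out as an added example: an outbound-URL allow-check that a fetch routine would call before making a request. This is not XunRuiCMS code; the function names, the allowed ports and the injectable resolver are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical hardening for the "Input validation and URL filtering"
# workaround: refuse any URL that is not plain http(s) to a public address.
# Not project code; names, allowed ports and resolver hook are assumptions.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def _is_public(ip_text: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text)
    # is_global is False for private, loopback and link-local ranges, which
    # covers 169.254.169.254 (cloud metadata); multicast is excluded explicitly.
    return ip.is_global and not ip.is_multicast


def _default_resolver(host: str) -> list[str]:
    """Resolve a host name to every address it maps to (A and AAAA)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_outbound_url(url: str, resolve=_default_resolver) -> tuple[bool, str]:
    """Return (allowed, reason) for a URL the email handler wants to fetch."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False, "invalid port"
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    # Literal IPs (including bracketed IPv6) are checked directly. Names are
    # resolved and every returned address must be public, so a name that maps
    # to both a public and an internal address is rejected.
    try:
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:  # socket.gaierror is a subclass
            return False, "unresolvable host"
    if not addrs:
        return False, "unresolvable host"
    for addr in addrs:
        if not _is_public(addr):
            return False, f"non-public address: {addr}"
    return True, "ok"
```

The resolver hook exists so the check can be unit-tested without DNS; in production the default socket-based resolver is used.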

🧯 If You Can't Patch

  • Implement network segmentation to restrict the vulnerable server's outbound connections
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether the XunRuiCMS version is 4.7.1 or earlier and whether the /admind45f74adbd95.php?c=email&m=add endpoint is reachable by an authenticated user.

Check Version:

Check XunRuiCMS configuration files or admin panel for version information.

Verify Fix Applied:

Test if the vulnerable endpoint no longer accepts malicious URL parameters or is inaccessible.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the server
  • Access to /admind45f74adbd95.php with URL parameters

Network Indicators:

  • HTTP requests from server to internal IP ranges or unusual domains

SIEM Query:

source_ip=[SERVER_IP] AND (http_uri CONTAINS 'admind45f74adbd95.php' OR dest_ip IN [INTERNAL_RANGES])
