CVE-2025-14008

4.7 MEDIUM

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in dayrui XunRuiCMS up to and including version 4.7.1. Attackers can exploit it by manipulating the 'v' parameter of the test_site_domain API action in admin79f2ec220c7e.php (c=api&m=test_site_domain), which makes the server issue requests to attacker-chosen internal or external systems. Organizations running vulnerable versions of XunRuiCMS with the Project Domain Change Test component reachable are affected.

💻 Affected Systems

Products:
  • dayrui XunRuiCMS
Versions: Up to and including 4.7.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the Project Domain Change Test component to be accessible. The vulnerable file is admin79f2ec220c7e.php with specific parameters.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could use the vulnerable server as a proxy to scan internal networks, access internal services, or perform data exfiltration from systems that shouldn't be internet-accessible.

🟠 Likely Case

Attackers will typically use this to probe internal networks, access metadata services, or interact with internal APIs that trust the vulnerable server.

🟢 If Mitigated

With proper network segmentation and egress filtering, the impact is limited to the server itself making unauthorized outbound requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires admin access to reach the vulnerable endpoint, but once accessed, exploitation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. The vendor did not respond to disclosure. Consider upgrading to any version above 4.7.1 if available, or apply workarounds.

🔧 Temporary Workarounds

Remove vulnerable file

Platform: Linux

Delete or rename the vulnerable admin79f2ec220c7e.php file to prevent access

mv /path/to/admin79f2ec220c7e.php /path/to/admin79f2ec220c7e.php.disabled

Restrict access via web server

Platform: All

Configure the web server to block requests to the vulnerable action. Note that neither Apache's <LocationMatch> nor Nginx's location blocks see the query string, so the match has to be made on the query string itself (mod_rewrite on Apache, $args on Nginx):

# Apache (requires mod_rewrite; place in the vhost or the site's .htaccess)
RewriteEngine On
RewriteCond %{QUERY_STRING} (^|&)c=api(&|$) [NC]
RewriteCond %{QUERY_STRING} (^|&)m=test_site_domain(&|$) [NC]
RewriteRule ^/?admin79f2ec220c7e\.php$ - [F,L]
# Nginx (inside the location that already handles this PHP file)
location ~* /admin79f2ec220c7e\.php$ {
    if ($args ~* "c=api&m=test_site_domain") { return 403; }
    # existing fastcgi_pass / PHP handling stays here
}

🧯 If You Can't Patch

  • Implement strict network egress filtering to limit outbound connections from the web server
  • Deploy a Web Application Firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check if admin79f2ec220c7e.php exists and is accessible with parameters c=api&m=test_site_domain&v=[test_url]

Check Version:

Check XunRuiCMS version in system configuration or admin panel

Verify Fix Applied:

Attempt to access the vulnerable endpoint and verify it returns 403/404 or the file no longer exists

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to admin79f2ec220c7e.php with c=api&m=test_site_domain parameters
  • Unusual outbound connections from web server to internal IPs or unusual domains

Network Indicators:

  • Web server making unexpected HTTP requests to internal network ranges or external domains

SIEM Query:

source="web_server_logs" AND uri="*admin79f2ec220c7e.php*" AND query="*c=api&m=test_site_domain*"
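The SIEM query above matches the literal substring c=api&m=test_site_domain, so it misses requests whose parameters arrive in a different order. The following log-side check is an added example for this advisory, not code from XunRuiCMS or from the page: it parses the query string parameter by parameter, flags every hit on the test_site_domain action regardless of ordering, and reports whether the URL passed in 'v' points at an internal, loopback or link-local host. It assumes the Apache/Nginx combined log format and the endpoint filename given in the advisory; the log lines embedded below are constructed samples.

```python
"""Flag access-log entries that hit the XunRuiCMS test_site_domain action (CVE-2025-14008).

Added example for this advisory; not code from XunRuiCMS or from the page.
Assumes combined log format. ENDPOINT is the admin entry file named in the
advisory; the SAMPLE_LOG lines are constructed for demonstration.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "admin79f2ec220c7e.php"  # filename from the advisory

# client ident user [timestamp] "METHOD target PROTO" status ...
_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def _target_host(v):
    """Host the server would contact for the given 'v' value; bare hosts are tolerated."""
    parts = urlsplit(v if "://" in v else "//" + v)
    return (parts.hostname or "").lower()


def _is_internal(host):
    """True for private, loopback and link-local addresses or obviously local names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost" or host.endswith(".internal")
    return ip.is_private or ip.is_loopback or ip.is_link_local


def analyze(line):
    """Return a finding dict for one log line, or None if the line is not relevant."""
    m = _LINE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if not parts.path.endswith("/" + ENDPOINT):
        return None
    q = parse_qs(parts.query)  # order-independent; values come back as lists
    if q.get("c", [""])[0] != "api" or q.get("m", [""])[0] != "test_site_domain":
        return None
    v = q.get("v", [""])[0]
    host = _target_host(v)
    return {
        "client": m["client"],
        "status": int(m["status"]),
        "v": v,
        "target_host": host,
        "internal_target": _is_internal(host),
    }


def scan(lines):
    """Run analyze() over an iterable of log lines and keep only the findings."""
    return [f for f in (analyze(line) for line in lines) if f]


# Constructed sample lines: two hits (one with reordered parameters), two non-hits.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2026:10:01:02 +0000] "GET /admin79f2ec220c7e.php'
    '?c=api&m=test_site_domain&v=http://10.0.0.5:8080/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2026:10:01:09 +0000] "GET /admin79f2ec220c7e.php'
    '?m=test_site_domain&v=https://example.com/&c=api HTTP/1.1" 200 77',
    '198.51.100.2 - - [10/Jan/2026:10:02:00 +0000] "GET /admin79f2ec220c7e.php'
    '?c=site&m=index HTTP/1.1" 200 1200',
    '198.51.100.9 - - [10/Jan/2026:10:03:00 +0000] "GET /index.php'
    '?c=api&m=test_site_domain&v=http://127.0.0.1/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        flag = "INTERNAL" if finding["internal_target"] else "external"
        print(f'{finding["client"]} -> {finding["target_host"] or "?"} [{flag}] status={finding["status"]}')
```

Feed real access logs through scan() and treat any finding with internal_target set as a priority alert; a status of 200 on such a line means the server-side request was attempted. The path check is deliberate, since XunRuiCMS installs use a per-site admin filename, so set ENDPOINT to the name in your own deployment.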

🔗 References
