CVE-2025-2192
📋 TL;DR
This Server-Side Request Forgery (SSRF) vulnerability in Stoque Zeev.it allows attackers to manipulate the inpRedirectURL parameter on the login page to make the server send unauthorized requests to internal or external systems. It affects Stoque Zeev.it version 4.24 installations. The vulnerability can be exploited remotely without authentication.
💻 Affected Systems
- Stoque Zeev.it
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could use the vulnerable server as a proxy to scan internal networks, access internal services, or interact with cloud metadata services to obtain credentials and escalate access.
Likely Case
Attackers will use the vulnerability to scan internal networks, access internal web applications, or make requests to external services while hiding their true IP address.
If Mitigated
With proper network segmentation and egress filtering, the impact is limited to information disclosure about internal network structure and potential denial of service against the vulnerable server.
🎯 Exploit Status
The exploit has been publicly disclosed and requires minimal technical skill to execute. No authentication is required to exploit this vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch is available as the vendor has not responded. Consider implementing workarounds or migrating to alternative software.
🔧 Temporary Workarounds
Input Validation Filter
Implement input validation to reject or sanitize URLs in the inpRedirectURL parameter
Modify application code to validate the inpRedirectURL parameter against a whitelist of allowed domains
Web Application Firewall Rule
Block requests containing suspicious URL patterns in the inpRedirectURL parameter
Add WAF rule to block requests with inpRedirectURL containing internal IP ranges, localhost, or file:// schemes
🧯 If You Can't Patch
- Implement network segmentation to restrict the vulnerable server's outbound connections
- Deploy a reverse proxy with strict URL validation for the affected endpoint
🔍 How to Verify
Check if Vulnerable:
Test by sending a request to /Login?inpLostSession=1 with the inpRedirectURL parameter pointing to an external service you control, and check whether the server makes the request
Check Version:
Check the application version in the admin interface or configuration files
Verify Fix Applied:
Test the same exploit attempt after implementing controls; the server should not make unauthorized external requests
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from the application server
- Requests to /Login?inpLostSession=1 with suspicious inpRedirectURL values
Network Indicators:
- HTTP traffic from the application server to unexpected internal or external destinations
SIEM Query:
source="application_server" AND (url="*/Login?inpLostSession=1*" AND (inpRedirectURL="*://10.*" OR inpRedirectURL="*://192.168.*" OR inpRedirectURL="*://127.*" OR inpRedirectURL="*://localhost*"))
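As an added example (not Zeev.it's code or the vendor's), a Python allowlist check of the kind the input-validation workaround above describes, reused as a log-side detector for the indicators listed in this section; it flags every inpRedirectURL that is not a same-site path or an allowlisted host, which is a superset of the SIEM query's internal-IP, localhost and file:// cases. ALLOWED_HOSTS, the CLF-style log format and the sample entries are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit
ALLOWED_HOSTS = {"app.example.com"}  # hypothetical allowlist of the app's own hostname(s)
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')  # request line inside a CLF-style log entry

def is_internal_host(host: str) -> bool:
    """True for localhost or an IP literal in loopback/private/link-local space."""
    if host.lower().rstrip(".") == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # a DNS name, not an IP literal
    return ip.is_loopback or ip.is_private or ip.is_link_local

def is_safe_redirect(value: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only a same-site relative path or an http(s) URL to an allowlisted host."""
    if not value or any(c in value for c in "\\\r\n"):
        return False
    parts = urlsplit(value)
    if not parts.scheme and not parts.netloc:
        # Relative path only; "//host/..." is protocol-relative and would leave the site
        return value.startswith("/") and not value.startswith("//")
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False  # rejects file://, other schemes, and URLs without a host
    return parts.hostname.lower() in allowed_hosts and not is_internal_host(parts.hostname)

def flag_ssrf_attempts(log_lines):
    """Return (line_no, inpRedirectURL) for /Login?inpLostSession=1 requests failing the check."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        qs = parse_qs(parts.query)
        if parts.path != "/Login" or qs.get("inpLostSession") != ["1"]:
            continue
        hits += [(n, t) for t in qs.get("inpRedirectURL", []) if not is_safe_redirect(t)]
    return hits

# Constructed sample access-log entries (not real traffic)
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /Login?inpLostSession=1&inpRedirectURL=%2Fhome HTTP/1.1" 302 0',
    '203.0.113.5 - - [01/Jan/2025:10:00:01 +0000] "GET /Login?inpLostSession=1&inpRedirectURL=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 302 0',
    '203.0.113.5 - - [01/Jan/2025:10:00:02 +0000] "GET /Login?inpLostSession=1&inpRedirectURL=file%3A%2F%2F%2Ftmp%2Fprobe HTTP/1.1" 302 0',
    '203.0.113.5 - - [01/Jan/2025:10:00:03 +0000] "GET /Dashboard HTTP/1.1" 200 512',
]
```

Running `flag_ssrf_attempts(SAMPLE_LOG)` on the constructed entries returns the second (loopback) and third (file://) requests and leaves the relative-path redirect alone.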