CVE-2025-28089
📋 TL;DR
This SSRF vulnerability in maccms10 lets an attacker make the server issue HTTP requests of the attacker's choosing through the Scheduled Task function. Because the request originates from the server itself, it can reach internal services the attacker cannot reach directly, scan internal network ranges, or query cloud instance metadata APIs. All deployments running vulnerable versions of maccms10 are affected.
💻 Affected Systems
- maccms10
📦 What is this software?
maccms10 (Maccms v10) by Maccms is an open-source PHP content management system commonly used to run video sites; its source is published at github.com/magicblack/maccms10, the repository the vendor advisory below links to.
⚠️ Risk & Real-World Impact
Worst Case
Complete internal network compromise via cloud metadata API access leading to credential theft, lateral movement, and data exfiltration.
Likely Case
Internal service enumeration, port scanning of internal systems, and potential data leakage from internal APIs.
If Mitigated
Limited to fetching attacker-chosen external resources, provided network segmentation and egress filtering stop the server from reaching internal services and the cloud metadata endpoint.
🎯 Exploit Status
Exploitation requires access to the Scheduled Task interface, which typically requires authentication. An attacker therefore needs valid admin access, or a separate flaw that grants it, but the bug still matters: it turns admin-panel access into reach into the internal network and the cloud metadata service, which the panel should never provide.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2025.1000.4048 or later
Vendor Advisory: https://github.com/magicblack/maccms10/releases/tag/v2025.1000.4047
Restart Required: No
Instructions:
1. Download the latest version from the GitHub releases page.
2. Back up the current installation (files and database).
3. Replace the vulnerable files with the patched version.
4. Verify functionality, including that the Scheduled Task function no longer fetches internal or metadata targets.
🔧 Temporary Workarounds
Disable Scheduled Tasks
Temporarily disable the Scheduled Task functionality so the vulnerable code path cannot be reached. The page does not name a configuration key for this, so disable the tasks themselves and the trigger that runs them:
# Edit the maccms10 configuration to disable scheduled tasks
# Remove or comment out the cron/automation entry that triggers scheduled task execution
Network Egress Filtering
Implement firewall rules to restrict outbound connections from the maccms10 server. The blanket rules below stop all outbound HTTP/HTTPS, including legitimate fetches and updates, and leave other ports open; where possible, scope them to the web server's user (iptables `-m owner --uid-owner`) and to internal and metadata destinations instead.
# Example iptables rules to block all outbound HTTP/HTTPS from the host
# (coarse: also blocks legitimate outbound fetches; does not cover other ports)
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate maccms10 from internal systems and the cloud metadata endpoint
- Restrict access to the admin panel (and therefore the Scheduled Task interface) to trusted source addresses or a VPN, since exploitation requires reaching it
- Deploy a web application firewall with SSRF protection rules that inspect URLs submitted to the Scheduled Task function and block loopback, private, link-local and metadata targets, including numerically encoded forms of those addresses
🔍 How to Verify
Check if Vulnerable:
Check if maccms10 version is v2025.1000.4047 or earlier and Scheduled Task function is accessible.
Check Version:
Check maccms10 admin panel or version.php file for version information
Verify Fix Applied:
Verify the version is v2025.1000.4048 or later, then confirm that a scheduled task pointing at a loopback, private-range or 169.254.169.254 target is rejected rather than fetched.
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from maccms10 server
- Scheduled task entries whose target URL was added or changed unexpectedly, especially ones pointing at internal hosts or the metadata endpoint
- Requests to internal IP addresses or cloud metadata endpoints
Network Indicators:
- HTTP requests from the maccms10 server to internal network segments that it has no business reaching
- Requests to 169.254.169.254 (the instance metadata address used by AWS, GCP, Azure and OpenStack) or to equivalent cloud metadata endpoints
SIEM Query:
source="maccms10" AND (url CONTAINS "169.254.169.254" OR url CONTAINS "localhost" OR url MATCHES "://(127\.|10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.|169\.254\.)")
Adapt the syntax to your SIEM. Plain string matching misses decimal or hex IP encodings and hostnames that resolve to internal addresses, so pair this query with egress-side network logs.
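The following is an added example, not code from maccms10 or from the original advisory. It shows the check that both the WAF rule suggested above and the log-based detection need: classify the target of an outbound URL, treating decimal, hex, octal and IPv4-mapped IPv6 forms of an internal address the same as the dotted form, and taking the worst verdict when a name resolves to several addresses. The key=value log format, the `FAKE_DNS` name-to-address table and the sample log lines are constructed for the example so it runs offline; a real deployment would resolve names with the same resolver the server uses and pin the address it checked.

```python
# Added example (not from maccms10 or the original advisory): classify the
# target of an outbound URL as an SSRF detection rule or a pre-fetch check in
# front of the Scheduled Task function should, then run it over constructed
# log lines. Log format and the FAKE_DNS table are assumptions for the example.
import ipaddress
import re
from urllib.parse import urlsplit

# Instance-metadata endpoints: 169.254.169.254 is shared by AWS, GCP, Azure and
# OpenStack; fd00:ec2::254 is the AWS IMDS IPv6 address.
METADATA_TARGETS = {"169.254.169.254", "fd00:ec2::254", "metadata.google.internal"}

# Least to most severe; the worst verdict wins when a name resolves to several
# addresses (DNS rebinding or mixed records).
SEVERITY = ["external", "unresolved", "malformed", "blocked-scheme",
            "private", "link-local", "unspecified", "loopback", "cloud-metadata"]

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "internal-api.corp": ["10.0.0.5"],
    "rebind.attacker.test": ["93.184.216.34", "127.0.0.1"],
}


def literal_to_ip(host):
    """Parse dotted, IPv6, decimal, hex and octal address literals; None if not a literal."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        if re.fullmatch(r"0x[0-9a-f]+", host):
            return ipaddress.IPv4Address(int(host, 16))        # http://0xa9fea9fe/
        if re.fullmatch(r"[0-9]+", host):
            return ipaddress.IPv4Address(int(host))            # http://2852039166/
        if re.fullmatch(r"0[0-7]+(\.0[0-7]+){3}", host):       # http://0251.0376.0251.0376/
            return ipaddress.IPv4Address(".".join(str(int(o, 8)) for o in host.split(".")))
    except ValueError:
        pass
    return None


def classify_ip(ip):
    """Verdict for one resolved address."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped                      # ::ffff:127.0.0.1 -> 127.0.0.1
    if str(ip) in METADATA_TARGETS:
        return "cloud-metadata"
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "unspecified"                     # 0.0.0.0 reaches local services on Linux
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "external"


def classify_url(url, resolve=FAKE_DNS.get):
    """Verdict for a URL. `resolve` maps a hostname to its address list (DNS stand-in)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return "blocked-scheme"                  # file://, gopher://, dict:// ...
    host = parts.hostname                        # lowercased, brackets/port/userinfo stripped
    if not host:
        return "malformed"
    if host in METADATA_TARGETS:
        return "cloud-metadata"
    ip = literal_to_ip(host)
    addrs = [ip] if ip else [ipaddress.ip_address(a) for a in (resolve(host) or [])]
    if not addrs:
        return "unresolved"
    return max((classify_ip(a) for a in addrs), key=SEVERITY.index)


# Constructed log lines in an assumed "key=value" format.
SAMPLE_LOG = """\
2025-04-01T10:00:00Z task=fetch_rss url=https://example.com/feed.xml status=200
2025-04-01T10:05:00Z task=collect url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ status=200
2025-04-01T10:06:00Z task=collect url=http://2852039166/latest/meta-data/ status=200
2025-04-01T10:07:00Z task=collect url=http://[::ffff:127.0.0.1]:8080/admin status=403
2025-04-01T10:08:00Z task=collect url=http://internal-api.corp/users status=200
2025-04-01T10:09:00Z task=collect url=file:///etc/passwd status=500
2025-04-01T10:10:00Z task=collect url=http://rebind.attacker.test/ status=200
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) task=(?P<task>\S+) url=(?P<url>\S+)")


def scan_log(text):
    """Return (timestamp, task, url, verdict) for every entry that is not plainly external."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_url(m["url"])
        if verdict != "external":
            hits.append((m["ts"], m["task"], m["url"], verdict))
    return hits


if __name__ == "__main__":
    for ts, task, url, verdict in scan_log(SAMPLE_LOG):
        print(f"{ts} {verdict:14} {task} {url}")
```

Used as a pre-fetch check, anything other than "external" should be rejected; used for detection, the same verdicts become alert severities. The decimal and hex cases are why the string-matching SIEM query alone is not enough: `http://2852039166/` contains none of the substrings it looks for, yet it is the metadata endpoint.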