CVE-2025-28093

6.3 MEDIUM

📋 TL;DR

ShopXO v6.4.0 contains a Server-Side Request Forgery (SSRF) vulnerability in its email settings functionality. This allows authenticated attackers to make the server send HTTP requests to arbitrary internal or external systems. Users running ShopXO v6.4.0 with email configuration access are affected.

💻 Affected Systems

Products:
  • ShopXO
Versions: v6.4.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to email settings functionality. The vulnerability is in the email configuration interface.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, scan internal networks, interact with cloud metadata services to obtain credentials, or perform port scanning of internal infrastructure.

🟠 Likely Case

Attackers with email configuration access could probe internal networks, access internal web applications, or interact with services on localhost that shouldn't be externally accessible.

🟢 If Mitigated

With proper network segmentation and egress filtering, impact is limited to what the server can reach within its allowed network boundaries.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The referenced documentation shows exploitation details. Requires authenticated access to the email settings interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor official ShopXO channels for security updates.
2. Check if newer versions beyond v6.4.0 address this vulnerability.
3. Apply any available patches immediately when released.

🔧 Temporary Workarounds

Restrict Email Settings Access

Applies to: all

Limit access to the email configuration interface to only essential administrators.

Implement Network Egress Filtering

Applies to: all

Configure firewall rules to restrict outbound connections from the ShopXO server to only necessary external services.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the ShopXO server from sensitive internal systems
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check if running ShopXO v6.4.0 and review email settings functionality for SSRF vectors

Check Version:

Check ShopXO admin panel or configuration files for version information

Verify Fix Applied:

Test email settings functionality with SSRF payloads after applying any patches or workarounds

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the ShopXO server to internal IP addresses or unexpected domains
  • Multiple failed connection attempts to internal services from the ShopXO server

Network Indicators:

  • HTTP requests from ShopXO server to internal network ranges, localhost, or cloud metadata endpoints

SIEM Query:

source_ip=shopxo_server_ip AND (dest_ip=internal_range OR dest_ip=127.0.0.1 OR dest_ip=169.254.169.254)
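A concrete form of the detection logic above, as an added example that is not part of this advisory or of ShopXO: a small Python script that scans constructed egress log lines from the ShopXO host and flags destinations in the classes named under Network Indicators (loopback, internal ranges, link-local, the 169.254.169.254 metadata endpoint). The key=value log format, the ShopXO host address 10.0.5.20 and the legitimate mail server name are assumptions.

```python
import ipaddress
import re
from typing import Optional

# Constructed egress firewall log lines from the ShopXO host (10.0.5.20).
# The key=value format is hypothetical; one connection per line.
SAMPLE_LOG = """\
2025-03-01T10:00:01Z src=10.0.5.20 dst=smtp.example.com dport=587 proto=tcp
2025-03-01T10:00:07Z src=10.0.5.20 dst=169.254.169.254 dport=80 proto=tcp
2025-03-01T10:00:09Z src=10.0.5.20 dst=127.0.0.1 dport=6379 proto=tcp
2025-03-01T10:00:12Z src=10.0.5.20 dst=10.0.9.14 dport=8080 proto=tcp
2025-03-01T10:00:15Z src=10.0.7.3 dst=10.0.9.14 dport=8080 proto=tcp
2025-03-01T10:00:20Z src=10.0.5.20 dst=localhost dport=9200 proto=tcp
"""

METADATA_IP = ipaddress.ip_address("169.254.169.254")
KV_RE = re.compile(r"(\w+)=(\S+)")

def classify_destination(dst: str) -> Optional[str]:
    """Label a destination that an email-settings check should never reach:
    cloud-metadata, loopback, link-local or internal. None means unremarkable."""
    if dst.lower() == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return None  # hostnames are not resolved in this offline example
    if ip == METADATA_IP:          # check before is_link_local, which also matches
        return "cloud-metadata"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "internal"
    return None

def flag_ssrf_egress(log_text: str, shopxo_ips: set) -> list:
    """Return findings for connections from the ShopXO server to flagged classes."""
    findings = []
    for line in log_text.splitlines():
        fields = dict(KV_RE.findall(line))
        if fields.get("src") not in shopxo_ips:
            continue  # only traffic originating from the ShopXO host matters here
        label = classify_destination(fields.get("dst", ""))
        if label:
            findings.append({"ts": line.split()[0], "dst": fields["dst"],
                             "dport": int(fields.get("dport", 0)), "label": label})
    return findings

if __name__ == "__main__":
    for finding in flag_ssrf_egress(SAMPLE_LOG, {"10.0.5.20"}):
        print(finding)
```

Connections from the ShopXO host to its real SMTP relay are expected; what the script surfaces is the host reaching loopback, link-local, metadata or internal addresses that a mail-server test has no reason to touch.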
