CVE-2025-29449
📋 TL;DR
A Server-Side Request Forgery (SSRF) vulnerability in twonav v2.1.18-20241105 allows remote attackers to access internal network resources and sensitive information via the link identification function. This affects all users running the vulnerable version of twonav. Attackers can exploit this without authentication to probe internal systems.
💻 Affected Systems
- twonav
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of internal network resources, data exfiltration from internal services, and potential lateral movement to other systems.
Likely Case
Information disclosure from internal services, enumeration of internal network topology, and potential access to cloud metadata services.
If Mitigated
Limited information disclosure if network segmentation and egress filtering are properly configured.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it involves manipulating URL parameters. The referenced documentation provides technical details that could be used to create exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
1. Monitor the twonav project for security updates.
2. Check the project's official channels for patch announcements.
3. Apply any available updates immediately when released.
🔧 Temporary Workarounds
Disable vulnerable functionality
Disable or restrict access to the link identification function if not required
Network egress filtering
Implement outbound firewall rules to restrict twonav's ability to make requests to internal network resources
🧯 If You Can't Patch
- Isolate twonav instances in a restricted network segment with limited outbound access
- Implement web application firewall (WAF) rules to block SSRF patterns and restrict URL parameters
🔍 How to Verify
Check if Vulnerable:
Check if running twonav version 2.1.18-20241105. Test the link identification function with internal URLs to see if it returns data.
Check Version:
Check twonav configuration files or web interface for version information
Verify Fix Applied:
After applying any available patch, retest the link identification function with internal URLs to confirm it no longer returns data.
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound requests from twonav to internal IP addresses
- Multiple failed attempts to access internal resources
- Requests to cloud metadata endpoints (169.254.169.254, etc.)
Network Indicators:
- Outbound HTTP requests from twonav to internal network ranges
- Requests to localhost/127.0.0.1 from twonav application
SIEM Query:
source="twonav" AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16 OR dest_ip=127.0.0.1 OR dest_ip=169.254.169.254)
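The same detection logic as the SIEM query, written out as an added example (not part of the original advisory or the twonav project). It assumes an egress log in key=value form with `source` and `dest_ip` fields; the log format, the sample lines and the function names are constructed for illustration. It also unwraps IPv4-mapped IPv6 destinations, which a plain string or IPv4 CIDR match would miss.

```python
import ipaddress
import re

# Destination ranges copied from the SIEM query above.
WATCHED = {
    "private-10/8": ipaddress.ip_network("10.0.0.0/8"),
    "private-172.16/12": ipaddress.ip_network("172.16.0.0/12"),
    "private-192.168/16": ipaddress.ip_network("192.168.0.0/16"),
    "loopback": ipaddress.ip_network("127.0.0.1/32"),
    "cloud-metadata": ipaddress.ip_network("169.254.169.254/32"),
}
FIELD = re.compile(r"(\w+)=(\S+)")  # assumed key=value log format

# Constructed sample egress log lines (not real traffic).
SAMPLE_LOG = """\
2025-01-01T10:00:01Z source=twonav dest_ip=203.0.113.10 dest_port=443
2025-01-01T10:00:02Z source=twonav dest_ip=169.254.169.254 dest_port=80
2025-01-01T10:00:03Z source=twonav dest_ip=10.20.30.40 dest_port=8080
2025-01-01T10:00:04Z source=nginx dest_ip=192.168.1.5 dest_port=80
2025-01-01T10:00:05Z source=twonav dest_ip=::ffff:127.0.0.1 dest_port=6379
2025-01-01T10:00:06Z source=twonav dest_ip=172.32.0.1 dest_port=80
2025-01-01T10:00:07Z source=twonav dest_ip=not-an-ip dest_port=80
"""

def classify(dest):
    """Return the label of the watched range containing dest, else None."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return None  # malformed field: not matched here, review separately
    # Unwrap IPv4-mapped IPv6 so ::ffff:10.0.0.5 is checked as 10.0.0.5.
    addr = getattr(addr, "ipv4_mapped", None) or addr
    for label, net in WATCHED.items():
        if addr in net:
            return label
    return None

def find_internal_requests(log_text, source="twonav"):
    """List (dest_ip, label) for events from `source` that hit a watched range."""
    hits = []
    for line in log_text.splitlines():
        event = dict(FIELD.findall(line))
        if event.get("source") != source:
            continue
        label = classify(event.get("dest_ip", ""))
        if label:
            hits.append((event["dest_ip"], label))
    return hits

if __name__ == "__main__":
    for dest, label in find_internal_requests(SAMPLE_LOG):
        print(f"ALERT twonav -> {dest} ({label})")
```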