CVE-2025-36845

8.6 HIGH

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in Eveo URVE Web Manager allows attackers to make the application server send requests to internal network resources. Attackers can potentially access sensitive internal services, read local files, or scan internal networks. All installations of Eveo URVE Web Manager version 27.02.2025 are affected.

💻 Affected Systems

Products:
  • Eveo URVE Web Manager
Versions: 27.02.2025
Operating Systems: All platforms running the software
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable endpoint /_internal/redirect.php appears to be part of standard functionality.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the internal network through chained attacks, data exfiltration from internal services, or lateral movement to critical systems.

🟠 Likely Case

Information disclosure from internal services, internal network scanning, or access to metadata services in cloud environments.

🟢 If Mitigated

Limited to external resource probing if proper network segmentation and input validation are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and tools exist for automated exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://smartoffice.expert/en

Restart Required: No

Instructions:

Check the vendor website for security updates. If a patch is available:

  1. Back up the current installation
  2. Apply the vendor-provided patch
  3. Test functionality
  4. Monitor for issues

🔧 Temporary Workarounds

Block vulnerable endpoint (Platform: all)

Restrict access to the /_internal/redirect.php endpoint:

  # Apache (server or virtual-host context; in .htaccess the path has no leading slash):
  RewriteRule ^/_internal/redirect\.php$ - [F,L]
  # Nginx:
  location ~ ^/_internal/redirect\.php$ { deny all; }

Input validation at WAF (Platform: all)

Implement SSRF protection rules in the web application firewall. The rule below is chained so that it fires only on the vulnerable endpoint; an unscoped rule matching every argument beginning with http(s):// would also block legitimate URL-valued parameters elsewhere in the application. It matches http/https prefixes only, so other schemes (for example file://) need a separate rule or the endpoint block above.

  # ModSecurity (chained: endpoint match first, then the url parameter):
  SecRule REQUEST_FILENAME "@endsWith /_internal/redirect.php" \
      "id:1001,phase:2,deny,status:403,log,msg:'SSRF attempt detected',chain"
      SecRule ARGS:url "@rx ^(http|https)://" "t:lowercase"

🧯 If You Can't Patch

  • Implement strict network segmentation to limit the application server's access to the internal network
  • Deploy web application firewall with SSRF detection rules

🔍 How to Verify

Check if Vulnerable:

Test whether the /_internal/redirect.php endpoint accepts a URL parameter and returns the fetched external content. Example: curl 'http://target/_internal/redirect.php?url=http://example.com'

Check Version:

Check application version in admin interface or configuration files

Verify Fix Applied:

Verify that the endpoint no longer processes external URLs, or returns an error. Test with the same curl command, expecting failure.

📡 Detection & Monitoring

Log Indicators:

  • Requests to /_internal/redirect.php with URL parameters
  • Outbound connections from application server to unusual internal IPs

Network Indicators:

  • Application server making unexpected HTTP requests to internal services
  • Traffic patterns showing scanning behavior from application server

SIEM Query:

source="web_logs" AND uri="/_internal/redirect.php" AND query_string="*url=*"
