CVE-2025-45250

5.5 MEDIUM

📋 TL;DR

MrDoc v0.95 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in the validate_url function that allows attackers to make unauthorized requests from the server. This could enable internal network scanning, data exfiltration, or interaction with internal services. All users running vulnerable versions are affected.

💻 Affected Systems

Products:
  • MrDoc
Versions: v0.95 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with the vulnerable code are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker accesses internal services, exfiltrates sensitive data, or performs lateral movement within the network infrastructure.

🟠 Likely Case

Internal network reconnaissance, limited data exposure from accessible internal endpoints, or denial of service through resource exhaustion.

🟢 If Mitigated

Limited to port scanning of internal services if proper network segmentation and egress filtering are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction but is technically simple once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.96 or later

Vendor Advisory: https://github.com/zmister2016/MrDoc

Restart Required: Yes

Instructions:

1. Back up your MrDoc installation and data.
2. Update to v0.96 or later from the official repository.
3. Restart the MrDoc service.
4. Verify the update was successful.

🔧 Temporary Workarounds

URL Validation Enhancement (all platforms)

Implement stricter URL validation to block internal IP addresses and restricted protocols.

Modify the validate_url function in app_doc/utils.py to reject private IP ranges and non-HTTP/HTTPS protocols.
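One way to implement the stricter validation described above, as an added example that is not MrDoc's own code or the v0.96 patch: it accepts only http/https URLs whose host resolves exclusively to globally routable addresses. The names is_safe_url, system_resolver and constructed_resolver, and the DNS table, are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def system_resolver(host, port):
    """Every address the host resolves to; IP literals resolve to themselves."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def is_safe_url(url, resolver=system_resolver):
    """Hypothetical check: True only for an http(s) URL whose host resolves
    exclusively to globally routable, non-multicast addresses."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    try:
        # Judge the resolved addresses, not the hostname string, so a
        # public-looking name that points at an internal host is refused.
        default_port = 443 if parts.scheme == "https" else 80
        answers = resolver(parts.hostname, port or default_port)
        addresses = [ipaddress.ip_address(a.split("%")[0]) for a in answers]
    except (OSError, ValueError):
        return False  # unresolvable or unparsable hosts are rejected
    if not addresses:
        return False
    for ip in addresses:
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # treat ::ffff:a.b.c.d as the IPv4 it wraps
        if not ip.is_global or ip.is_multicast:
            return False  # one internal answer is enough to refuse the URL
    return True

# Constructed sample data: a stand-in resolver so the checks run offline.
CONSTRUCTED_DNS = {
    "docs.example.test": ["93.184.216.34"],
    "intranet.example.test": ["10.0.0.5"],
    "mixed.example.test": ["93.184.216.34", "192.168.1.10"],
}

def constructed_resolver(host, port):
    """Look up the constructed table; unknown hosts (IP literals) map to themselves."""
    return CONSTRUCTED_DNS.get(host, [host])
```

A check like this validates the address at lookup time only, so the code that fetches the URL should connect to the address that was validated and apply the same check to every redirect target.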

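Network Egress Filtering (linux)

Restrict outbound connections from the MrDoc server to only the necessary external services. The rules below still allow ports 80 and 443 to any destination, internal ranges included, so add destination matches (-d) where the required external services are known.

# Keep replies on already-established connections flowing (including responses to inbound clients)
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
# Everything else is dropped, DNS and loopback included; add ACCEPT rules above for what the host needs
iptables -A OUTPUT -j DROP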

🧯 If You Can't Patch

  • Implement network segmentation to isolate MrDoc from sensitive internal services
  • Deploy a web application firewall with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check if MrDoc version is 0.95 or earlier by examining the version file or admin interface

Check Version:

grep -r "version" MrDoc/version.py

Alternatively, check the admin dashboard.

Verify Fix Applied:

Confirm version is 0.96 or later and test URL validation with internal IP addresses

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from MrDoc server
  • Requests to internal IP addresses or unusual ports

Network Indicators:

  • MrDoc server making unexpected outbound connections
  • Traffic to internal network segments from web server

SIEM Query:

source="MrDoc" AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16)
