CVE-2025-50234

6.5 MEDIUM

📋 TL;DR

MCCMS v2.7.0 has a server-side request forgery (SSRF) vulnerability that allows attackers to make the application send requests to internal systems and read local files. This can lead to sensitive data exposure, including configuration files and system information. Any system running the vulnerable MCCMS version is affected.

💻 Affected Systems

Products:
  • MCCMS
Versions: v2.7.0
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation with the hard-coded encryption key.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through file reading leading to credential theft, privilege escalation, or remote code execution via exposed internal services.

🟠

Likely Case

Sensitive information leakage including configuration files, logs, and internal service data accessible via SSRF.

🟢

If Mitigated

Limited impact with proper network segmentation and input validation, but still poses information disclosure risk.

🌐 Internet-Facing: HIGH - Directly exploitable via web requests without authentication.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires crafting encrypted payloads using the hard-coded key, but no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with vendor for patched version

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Update to the latest MCCMS version from the official source.
2. Replace the hard-coded encryption key with a securely generated random key.
3. Implement URL validation in the geturl() method to block internal addresses and the file:// protocol.
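The URL validation that step 3 calls for, written as an added example and not as MCCMS code: a guard that a fetch helper such as geturl() would call before issuing any outbound request. The function names are mine; the helper is assumed to accept a full URL string.

```php
<?php
// Added example (not MCCMS code): allowlist-style guard for an outbound
// fetch helper such as geturl(). Returns true only for http(s) URLs whose
// host resolves exclusively to public addresses; file://, loopback,
// link-local and RFC 1918 destinations are refused.

function ssrf_is_public_ip(string $ip): bool
{
    // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16 and fc00::/7;
    // NO_RES_RANGE rejects 0/8, 127/8, 169.254/16, ::1 and other reserved space.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

function ssrf_url_allowed(string $url): bool
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return false;                      // file:///etc/passwd has no host
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return false;                      // file://, gopher://, php://, dict://
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return false;                      // http://trusted@127.0.0.1/ confusion
    }
    $host = strtolower(trim($p['host'], '[]'));   // strip IPv6 brackets
    if ($host === 'localhost' || substr($host, -10) === '.localhost') {
        return false;
    }
    // Literal IP in the URL: check it directly.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return ssrf_is_public_ip($host);
    }
    // Hostname (including shorthand like "127.1" or decimal forms the
    // resolver accepts): resolve and require every address to be public.
    $addrs = gethostbynamel($host);
    if ($addrs === false || $addrs === []) {
        return false;
    }
    foreach ($addrs as $ip) {
        if (!ssrf_is_public_ip($ip)) {
            return false;
        }
    }
    return true;
}

// Inside the fetch helper, refuse before connecting:
// if (!ssrf_url_allowed($url)) { return false; }
```

Checking at validation time still leaves DNS rebinding and redirect-following open, so the fetch itself should also disable CURLOPT_FOLLOWLOCATION (or re-validate every Location hop) and connect to the address that was validated.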

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add validation to block internal IPs and the file:// protocol in the vulnerable endpoint. Modify sys/apps/controllers/api/Gf.php to validate URLs before the geturl() call.

Network Segmentation (applies to: all)

Restrict outbound network access from the web server to prevent SSRF exploitation. Configure the firewall to block the web server from reaching internal networks.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block requests containing encrypted pic parameters
  • Disable or restrict access to the vulnerable API endpoint (/api/gf)

🔍 How to Verify

Check if Vulnerable:

Check if MCCMS version is 2.7.0 and examine sys/apps/controllers/api/Gf.php for the vulnerable index() method

Check Version:

Check MCCMS version in configuration files or admin panel

Verify Fix Applied:

Verify that URL validation is implemented in geturl() method and hard-coded key is replaced

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /api/gf endpoint with encrypted parameters
  • Outbound requests from web server to internal IPs

Network Indicators:

  • Web server making requests to 127.0.0.1, localhost, or file:// URLs

SIEM Query:

source="web_logs" AND uri="/api/gf" AND (param="pic" OR contains(uri, "encrypted"))
