CVE-2025-5327

6.3 MEDIUM

📋 TL;DR

This server-side request forgery (SSRF) vulnerability in chshcms mccms 2.7 (CVSS 6.3, medium) lets an attacker control the 'pic' parameter of the API endpoint /sys/apps/controllers/api/Gf.php and make the server issue HTTP requests to internal or external systems of the attacker's choosing. It affects every mccms 2.7 installation on which that endpoint is reachable. Remote attackers can exploit it without authentication.

💻 Affected Systems

Products:
  • chshcms mccms
Versions: 2.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default installation when the API endpoint is accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could reach internal services that trust the web server, exfiltrate the data those services return, port-scan internal networks, or chain the SSRF with another vulnerability on an internal service to achieve remote code execution.

🟠 Likely Case

Information disclosure from internal services, possible data exfiltration, and abuse of the server as a relay for scanning or attacking other systems.

🟢 If Mitigated

Limited to probing whatever the server can still reach, if network segmentation and egress filtering are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit documentation exists in Chinese, showing simple HTTP request manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None

Restart Required: No

Instructions:

No official patch is available and the vendor did not respond to the disclosure. Upgrade to a newer version if one is released; until then, apply the workarounds below.

🔧 Temporary Workarounds

Block vulnerable endpoint

Applies to: all platforms

Restrict access to the vulnerable API endpoint with web server configuration or firewall rules. This also disables whatever legitimate function the endpoint serves, so check the site for breakage afterwards.

# Apache (mod_rewrite enabled; works in httpd.conf and in .htaccess):
RewriteEngine On
RewriteRule ^/?sys/apps/controllers/api/Gf\.php$ - [F]

# Nginx (inside the server block; place it before any generic "location ~ \.php$"
# block, because the first matching regex location wins):
location ~ ^/sys/apps/controllers/api/Gf\.php$ { deny all; }

Input validation filter

Applies to: all platforms

Add server-side validation so that the 'pic' parameter is accepted only for an allowlist of image hosts. If you must use a blocklist instead, reject loopback, RFC1918, link-local (including the 169.254.169.254 cloud metadata address) and IPv6 loopback targets, match case-insensitively, and be aware that a string check on the URL is still bypassed by hostnames that resolve to internal addresses and by HTTP redirects.

# PHP example (case-insensitive blocklist of common internal prefixes, with an optional user@ part; see the caveat above):
$pic = $_GET['pic'] ?? ''; if (preg_match('#^https?://(?:[^/@]*@)?(localhost|127\.|0\.|169\.254\.|192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[01])\.|\[::1\])#i', $pic)) { die('Invalid URL'); }
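As an added example (not code from mccms or from this advisory), here is the destination check that a blocklist regex cannot perform: parse the URL, allow only http/https on the default ports, refuse userinfo, resolve the host, and reject the request if any resolved address is loopback, private, link-local, multicast, reserved or IPv4-mapped to one of those. It is written in Python so it can be run and tested stand-alone; in PHP the equivalent building blocks are gethostbynamel() for resolution and filter_var() with FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE for the range check. The allowed schemes and ports, the hostnames and the resolver table used for the demonstration are assumptions for this example.

```python
import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

# Assumed policy for this example: images are fetched only over HTTP(S) on the
# default ports, and only from hosts whose *resolved* addresses are all public.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> list[str]:
    """All A/AAAA answers for host via the OS resolver (which also accepts
    inet_aton short forms such as 127.1, so those come back as 127.0.0.1)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def table_resolver(table: dict) -> Resolver:
    """Resolver backed by a fixed name->addresses table, for offline use."""
    return lambda host: table.get(host, [])


# Constructed name->address table for the demonstration; not real DNS data.
DEMO_RESOLVER = table_resolver({
    "img.example": ["8.8.8.8"],                 # public host, should pass
    "rebind.example": ["8.8.8.8", "10.0.0.5"],  # mixed answers, must fail
    "127.1": ["127.0.0.1"],                     # inet_aton short form of loopback
    "metadata": ["169.254.169.254"],            # cloud metadata endpoint
})


def is_internal_ip(addr: str) -> bool:
    """True for any address the server must never be made to fetch from."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 checks apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    cgnat = isinstance(ip, ipaddress.IPv4Address) and ip in ipaddress.ip_network("100.64.0.0/10")
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified or cgnat)


def validate_pic_url(url: str, resolve: Resolver = system_resolver) -> Optional[str]:
    """Return None if url may be fetched, otherwise a short rejection reason.
    Every resolved address is checked, not only the first one."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES:          # urlsplit lowercases the scheme
        return f"scheme not allowed: {parts.scheme!r}"
    if parts.username is not None or parts.password is not None:
        return "userinfo in URL"                     # http://img.example@10.0.0.5/ trick
    host = parts.hostname                            # lowercased, IPv6 brackets stripped
    if not host:
        return "missing host"
    try:
        port = parts.port
    except ValueError:
        return "invalid port"
    if port is not None and port not in ALLOWED_PORTS:
        return f"port not allowed: {port}"
    try:
        ipaddress.ip_address(host)                   # IP literal: no DNS needed
        addrs = [host]
    except ValueError:
        addrs = list(resolve(host))
    if not addrs:
        return f"unresolvable host: {host!r}"        # fail closed
    for addr in addrs:
        try:
            internal = is_internal_ip(addr)
        except ValueError:
            return f"resolver returned non-IP {addr!r}"
        if internal:
            return f"{host!r} resolves to internal address {addr}"
    return None
```

Two things this check cannot cover on its own: the fetch must connect to the address that was validated (resolve once and pin it, or re-check in the connect path), because DNS rebinding can change the answer between check and fetch; and redirects must be disabled or re-validated per hop, since a public host can simply 302 the server to http://169.254.169.254/.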

🧯 If You Can't Patch

  • Implement strict egress filtering on the web server: deny outbound connections to RFC1918, loopback and link-local ranges (on cloud hosts that includes the 169.254.169.254 metadata endpoint) and allow only the external hosts it legitimately needs.
  • Deploy a Web Application Firewall (WAF) with SSRF rules. A WAF only sees the request, so a hostname that resolves to an internal address gets past it; treat it as a supplement to egress filtering, not a replacement.

🔍 How to Verify

Check if Vulnerable:

Send a request to /sys/apps/controllers/api/Gf.php?pic=http://a-host-you-control/ and watch that host for an incoming connection from the server. The HTTP response may reveal nothing, so this out-of-band check is more reliable than inspecting the reply. The server really does make the request, so only test systems you are authorized to test.

Check Version:

Check CMS version in admin panel or configuration files; look for 'mccms 2.7'.

Verify Fix Applied:

Test the same request after applying workarounds; it should be blocked or return an error.

📡 Detection & Monitoring

Log Indicators:

  • Requests to /sys/apps/controllers/api/Gf.php carrying a 'pic' parameter, especially values that name loopback, RFC1918 or link-local addresses (169.254.169.254), non-HTTP schemes or unusual ports
  • Unusual outbound HTTP requests from the web server to internal IPs, timed with those requests

Network Indicators:

  • The web server opening connections to internal network segments or to the cloud metadata address that it has no business reaching

SIEM Query:

Pseudo-query; the two halves come from different log sources, so correlate them on time rather than OR-ing them into one search:

source="web_server" uri="/sys/apps/controllers/api/Gf.php*" uri_query="*pic=*"
source="egress_firewall" src_ip=<web server IP> dest_ip IN (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16)
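As an added example, not part of this advisory, the indicators above turned into runnable detection logic: parse the web server access log for Gf.php requests carrying 'pic', classify the target host, and corroborate each hit with outbound connections from the web server to internal addresses that start within a few seconds of the request. The log lines are constructed for the example, the outbound record format (timestamp, destination IP, port) is assumed, and a 'pic' host is only classified as internal when it is an IP literal, since classifying a hostname would need a resolver.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/sys/apps/controllers/api/Gf.php"

# Constructed sample access log (Common Log Format), not real data.
ACCESS_LOG = """\
198.51.100.7 - - [22/May/2025:10:14:01 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [22/May/2025:10:14:05 +0000] "GET /sys/apps/controllers/api/Gf.php?pic=http://10.0.0.5:8080/admin HTTP/1.1" 200 312
203.0.113.9 - - [22/May/2025:10:14:20 +0000] "GET /sys/apps/controllers/api/Gf.php?pic=https://cdn.example/logo.png HTTP/1.1" 200 2048
198.51.100.7 - - [22/May/2025:10:14:40 +0000] "GET /sys/apps/controllers/api/Gf.php?pic=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 77
"""

# Constructed outbound connections from the web server (assumed format:
# timestamp, destination IP, destination port), e.g. from a host firewall log.
OUTBOUND_LOG = """\
2025-05-22T10:14:05Z 10.0.0.5 8080
2025-05-22T10:14:20Z 93.184.216.34 443
2025-05-22T10:14:41Z 169.254.169.254 80
"""

ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$'
)


def is_internal_ip(addr: str) -> bool:
    """True for loopback, private, link-local (incl. 169.254.169.254), reserved or
    unspecified IP literals; False for anything that is not an IP literal."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # a hostname: would need a resolver to classify
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved or ip.is_unspecified


def parse_access_log(text: str) -> list[dict]:
    """Turn access log lines into events with a parsed path and query."""
    events = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        events.append({
            "client": m["client"],
            "time": datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": parts.path,
            "query": parse_qs(parts.query),  # also percent-decodes the pic value
        })
    return events


def parse_outbound_log(text: str) -> list[dict]:
    """Parse the assumed 'timestamp dst_ip dst_port' outbound records."""
    conns = []
    for line in text.splitlines():
        ts, dst, port = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        conns.append({"time": when, "dst": dst, "port": int(port)})
    return conns


def detect_ssrf_attempts(access_text: str, outbound_text: str, window_s: int = 5) -> list[dict]:
    """Flag every Gf.php request carrying 'pic'; rate it high when the target is
    an internal IP literal or an outbound connection to an internal address
    starts within window_s seconds after the request."""
    outbound = parse_outbound_log(outbound_text)
    window = timedelta(seconds=window_s)
    findings = []
    for ev in parse_access_log(access_text):
        if ev["path"] != VULN_PATH or "pic" not in ev["query"]:
            continue
        pic = ev["query"]["pic"][0]
        host = urlsplit(pic).hostname or ""
        corroborating = []
        for c in outbound:
            delta = c["time"] - ev["time"]
            if is_internal_ip(c["dst"]) and timedelta(0) <= delta <= window:
                corroborating.append(f'{c["dst"]}:{c["port"]}')
        findings.append({
            "client": ev["client"],
            "time": ev["time"].isoformat(),
            "pic": pic,
            "pic_host": host,
            "severity": "high" if is_internal_ip(host) or corroborating else "medium",
            "outbound_internal": corroborating,
        })
    return findings
```

On the sample data the cdn.example request stays at medium: its target is not an IP literal and the only outbound connection near it goes to a public address, while the two requests aimed at 10.0.0.5 and the metadata address are each confirmed by a matching internal connection.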
