CVE-2025-60319

6.5 MEDIUM

📋 TL;DR

PerfreeBlog v4.0.11 contains a Server-Side Request Forgery vulnerability in the uploadAttachByUrl API endpoint that allows attackers to make unauthorized requests from the server. This could lead to internal network scanning, data exfiltration, or service disruption. All users running PerfreeBlog v4.0.11 are affected.

💻 Affected Systems

Products:
  • PerfreeBlog
Versions: v4.0.11
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of PerfreeBlog v4.0.11 are vulnerable. The vulnerability requires access to the web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could access internal services, exfiltrate sensitive data, or use the server as a proxy for attacks against other systems.

🟠 Likely Case: Internal network reconnaissance, accessing metadata services, or limited data exposure from internal endpoints.

🟢 If Mitigated: Minimal impact if proper network segmentation and egress filtering are implemented.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface, making internet-facing instances prime targets.
🏢 Internal Only: MEDIUM - Internal instances still pose risk for lateral movement within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of the API endpoint and ability to craft SSRF requests. No authentication bypass is needed beyond standard web access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 103c79165e3a41a1729188fdc8a1e90c97c0a06d

Vendor Advisory: https://github.com/PerfreeBlog/PerfreeBlog/issues/20

Restart Required: No

Instructions:

1. Update to the latest PerfreeBlog version containing commit 103c79165e3a41a1729188fdc8a1e90c97c0a06d
2. Replace AttachController.java with the patched version
3. Recompile and redeploy the application

🔧 Temporary Workarounds

Network Egress Filtering (applies to: all platforms)

Implement firewall rules to restrict outbound connections from the PerfreeBlog server to only necessary services.

Endpoint Access Control (applies to: all platforms)

Restrict access to the uploadAttachByUrl endpoint using web application firewall rules or authentication requirements.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the PerfreeBlog server from sensitive internal networks
  • Deploy a web application firewall with SSRF detection rules to block malicious requests

🔍 How to Verify

Check if Vulnerable:

Check if AttachController.java contains the vulnerable uploadAttachByUrl method without proper URL validation and authorization checks.

Check Version:

Check the PerfreeBlog version in the admin panel or examine pom.xml for version information.

Verify Fix Applied:

Verify that commit 103c79165e3a41a1729188fdc8a1e90c97c0a06d is present in your codebase and that URL validation has been implemented.
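The "URL validation" the fix check refers to can be illustrated with the following added example; it is not PerfreeBlog's patched AttachController.java but a hypothetical helper (class and method names are assumed) showing the checks a server should apply to a user-supplied attachment URL before fetching it: allowed schemes only, no embedded credentials, and rejection of hostnames that resolve to loopback, private, link-local (including the 169.254.169.254 metadata address), unspecified or multicast addresses.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Set;

/** Hypothetical server-side check for a user-supplied attachment URL (not PerfreeBlog's patch). */
public final class AttachUrlValidator {
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    /** Returns the validated URI or throws IllegalArgumentException with the rejection reason. */
    public static URI validate(String rawUrl) throws UnknownHostException {
        URI uri;
        try {
            uri = new URI(rawUrl);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("malformed URL");
        }
        String scheme = uri.getScheme();
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase())) {
            throw new IllegalArgumentException("scheme not allowed: " + scheme);
        }
        String host = uri.getHost();
        if (host == null || host.isEmpty() || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("missing host or embedded credentials");
        }
        // Resolve every address the host maps to; one internal record is enough to reject.
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            if (isInternal(addr)) {
                throw new IllegalArgumentException("non-public address: " + addr.getHostAddress());
            }
        }
        return uri;
    }

    /** Loopback, RFC 1918, link-local (covers 169.254.169.254), unspecified and multicast. */
    static boolean isInternal(InetAddress a) {
        return a.isLoopbackAddress() || a.isSiteLocalAddress() || a.isLinkLocalAddress()
                || a.isAnyLocalAddress() || a.isMulticastAddress();
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: 203.0.113.10 is a documentation range, so no DNS lookup is needed.
        String[] samples = {"https://203.0.113.10/image.png", "http://169.254.169.254/latest/meta-data/",
                            "file:///etc/passwd", "http://127.0.0.1:8080/admin", "http://user:pw@10.0.0.5/"};
        for (String u : samples) {
            try { System.out.println("ALLOW  " + validate(u)); }
            catch (IllegalArgumentException e) { System.out.println("REJECT " + u + " (" + e.getMessage() + ")"); }
        }
    }
}
```

Resolving at validation time does not stop DNS rebinding or HTTP redirects to internal hosts, so the fetching code should also re-check the address it actually connects to and disable automatic redirects. Java's isSiteLocalAddress does not cover 100.64.0.0/10 or IPv6 fc00::/7, so add those ranges explicitly if they are in use.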

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from server
  • Requests to internal IP addresses or metadata services
  • Multiple failed upload attempts with external URLs

Network Indicators:

  • Unexpected outbound connections from PerfreeBlog server to internal services
  • Traffic to cloud metadata endpoints (169.254.169.254, etc.)

SIEM Query:

source="perfreeblog" AND (url CONTAINS "uploadAttachByUrl" OR dest_ip IN [internal_ranges, metadata_services])
