CVE-2025-65836

9.1 CRITICAL

📋 TL;DR

PublicCMS V5.202506.b contains a Server-Side Request Forgery (SSRF) vulnerability in the chat interface of SimpleAiAdminController. An attacker who can reach the chat interface can make the vulnerable server issue unauthorized requests to internal systems on the attacker's behalf. Any organization running this specific version of PublicCMS with the chat interface enabled is affected.

💻 Affected Systems

Products:
  • PublicCMS
Versions: V5.202506.b
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the chat interface to be accessible/used. The SimpleAiAdminController component must be present.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, exfiltrate sensitive data, or pivot to attack other internal systems from the compromised server.

🟠 Likely Case

Information disclosure from internal services, potential data exfiltration, and reconnaissance of the internal network.

🟢 If Mitigated

Limited impact if network segmentation restricts the vulnerable server's access to sensitive internal resources.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation details are publicly available in GitHub repositories. Requires access to the chat interface, which may need authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://github.com/sanluan/PublicCMS/issues/99

Restart Required: No

Instructions:

No official patch available. Monitor the GitHub repository for updates and apply when released.

🔧 Temporary Workarounds

Disable Chat Interface

all

Remove or disable the SimpleAiAdminController chat interface to prevent exploitation.

# Remove or comment out chat interface routes in configuration files
# Disable the SimpleAiAdminController component

Network Segmentation

all

Restrict outbound network access from the PublicCMS server to only necessary external services.

# Configure firewall rules to block outbound requests to internal IP ranges
# Use network policies to limit server egress

🧯 If You Can't Patch

  • Implement strict input validation and URL filtering in the chat interface
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check if running PublicCMS version V5.202506.b and if the SimpleAiAdminController chat interface is accessible.

Check Version:

# Check PublicCMS version in admin panel or configuration files

Verify Fix Applied:

Verify that the chat interface is disabled or that the vulnerability is patched in a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the PublicCMS server to internal IP addresses
  • Chat interface requests with external URLs in parameters

Network Indicators:

  • Outbound requests from PublicCMS server to internal services not typically accessed

SIEM Query:

source="publiccms-logs" AND (url_contains="internal" OR dest_ip=private_ip_range)
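The URL filtering recommended under "If You Can't Patch" and the log indicators above share one check: does a URL supplied to the chat interface resolve to an internal address? The following is an added example, not PublicCMS code; it assumes a hypothetical `url=` field in the chat log lines and uses a constructed DNS table so it runs offline, and it fails closed on non-http(s) schemes and unresolvable hosts.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Destinations an outbound chat/AI fetch must never reach (169.254.0.0/16 also
# covers the cloud metadata endpoint 169.254.169.254).
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
def dns_resolve(host):
    """Every IP the host maps to (real DNS); an unresolvable name yields []."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def is_internal_target(url, resolve=dns_resolve):
    """True if an SSRF filter must refuse the URL; fails closed on bad scheme/host."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return True
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]  # literal IP, no lookup
    except ValueError:
        addrs = resolve(parts.hostname)  # hostname: check every A/AAAA answer
    if not addrs:
        return True
    for a in addrs:
        ip = ipaddress.ip_address(a)  # ::ffff:10.0.0.5 is really 10.0.0.5
        if any((getattr(ip, "ipv4_mapped", None) or ip) in net for net in BLOCKED):
            return True
    return False

def flag_internal_requests(lines, resolve=dns_resolve):
    """(line, url) pairs for log lines whose url= field targets an internal host."""
    hits = []
    for line in lines:
        url = next((f[4:] for f in line.split() if f.startswith("url=")), None)
        if url and is_internal_target(url, resolve):
            hits.append((line, url))
    return hits

# Constructed sample data (not PublicCMS logs); the fake DNS table keeps the demo offline.
FAKE_DNS = {"api.example.com": ["203.0.113.10"], "intranet.corp": ["10.1.2.3"]}
fake_resolve = lambda host: FAKE_DNS.get(host, [])
LOG_LINES = [
    "2025-07-01T10:00:00Z admin=alice chat url=https://api.example.com/v1/chat",
    "2025-07-01T10:00:09Z admin=bob chat url=http://169.254.169.254/latest/meta-data/",
    "2025-07-01T10:00:12Z admin=carol chat url=http://intranet.corp/",
]
```

Calling `flag_internal_requests(LOG_LINES, fake_resolve)` returns the two lines whose URL points at the metadata endpoint and the private intranet host; drop the `resolve` argument to check real log data against live DNS.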
