CVE-2025-6762

6.3 MEDIUM

📋 TL;DR

This critical vulnerability in diyhi bbs allows remote attackers to perform server-side request forgery (SSRF) by manipulating the Host header in the admin login component. Attackers can force the server to make unauthorized requests to internal or external systems. All users running diyhi bbs versions up to 6.8 are affected.

💻 Affected Systems

Products:
  • diyhi bbs
Versions: Up to and including version 6.8
Operating Systems: All platforms running diyhi bbs
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the admin login component at /admin/login when processing HTTP Host headers.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of internal network services, data exfiltration, or lateral movement to other systems through the vulnerable server.

🟠 Likely Case

Unauthorized access to internal services, information disclosure from internal endpoints, or potential credential theft.

🟢 If Mitigated

Limited impact if proper network segmentation and input validation are in place, though SSRF risks remain.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available on GitHub; exploitation requires only HTTP request manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to version 6.9+ if released, or apply workarounds.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

Applies to: all

Block or sanitize malicious Host header values at the WAF or reverse proxy level.

    # Example nginx config (inside the server block): drop any request whose Host
    # header is not the expected domain. 444 closes the connection without a response.
    # Note: $http_host keeps any ":port" suffix, so widen the pattern if clients
    # connect on a non-default port.
    if ($http_host !~ "^yourdomain\.com$") {
        return 444;
    }

Input Validation

Applies to: all

Implement strict validation of Host header values in the application code.

    # Validate that the Host header matches allowed domains only
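The following is an added example, not code from this page or from the diyhi bbs project, written in Python to illustrate the check rather than as a drop-in patch. It assumes a constructed allowlist (`ALLOWED_HOSTS`, `CANONICAL_HOST`) and shows the vulnerable pattern beside the hardened one: `base_url_unsafe` builds a URL from the client-controlled Host header verbatim, while `base_url_safe` only echoes a Host that normalizes to an allowlisted name and otherwise falls back to the configured hostname. The normalizer handles the edge cases an allowlist check usually gets wrong: case, a trailing dot, a `:port` suffix, bracketed IPv6 literals, and junk such as `user@host` or path characters.

```python
import re
from typing import Iterable, Mapping, Optional

# Hostnames this deployment is allowed to answer to (constructed for this example).
ALLOWED_HOSTS = {"forum.example.com", "www.forum.example.com"}
CANONICAL_HOST = "forum.example.com"

# Host = bracketed IPv6 literal, or a DNS name / IPv4, optionally followed by :port.
_HOST_RE = re.compile(
    r"^(?P<host>\[[0-9a-fA-F:.]+\]|[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?$"
)


def normalize_host(raw: Optional[str]) -> Optional[str]:
    """Return the lowercase host part of a Host header value, or None if it is malformed."""
    if raw is None:
        return None
    m = _HOST_RE.match(raw.strip())
    if not m:
        return None  # anything containing '@', '/', spaces, etc. is rejected outright
    port = m.group("port")
    if port is not None and not 0 < int(port) <= 65535:
        return None
    return m.group("host").lower().rstrip(".")  # "example.com." matches "example.com"


def is_allowed_host(raw: Optional[str], allowed: Iterable[str] = ALLOWED_HOSTS) -> bool:
    """Strict allowlist check: the Host must normalize to one of the configured names."""
    host = normalize_host(raw)
    return host is not None and host in {h.lower() for h in allowed}


def base_url_unsafe(headers: Mapping[str, str]) -> str:
    """Vulnerable pattern: the client-controlled Host header is used verbatim to build
    a URL the server later fetches or redirects to, which is how the SSRF arises."""
    return "http://" + headers.get("Host", "") + "/admin/login"


def base_url_safe(headers: Mapping[str, str]) -> str:
    """Hardened pattern: only an allowlisted Host is echoed into the URL; anything
    else falls back to the configured canonical hostname, so the client cannot steer it."""
    host = normalize_host(headers.get("Host"))
    if host is None or host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    return "http://" + host + "/admin/login"


if __name__ == "__main__":
    for value in ["forum.example.com", "FORUM.example.com:8080", "169.254.169.254", "[::1]:80", None]:
        print(repr(value), "->", is_allowed_host(value))
```

In a request filter, a `False` from `is_allowed_host` should produce an HTTP 400 before the login handler runs. Behind a reverse proxy, validate the Host (or `X-Forwarded-Host`) value the proxy sets, and have the proxy discard the client-supplied copy, otherwise the allowlist is checked against the wrong header.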

🧯 If You Can't Patch

  • Implement network segmentation to restrict the vulnerable server's outbound connections.
  • Deploy a reverse proxy with strict Host header validation before requests reach the application.

🔍 How to Verify

Check if Vulnerable:

Test by sending a crafted HTTP request to /admin/login with a malicious Host header and observing server behavior.

Check Version:

Check diyhi bbs version in admin panel or configuration files.

Verify Fix Applied:

Verify that malicious Host headers are rejected or sanitized, and the server no longer makes unauthorized requests.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Host header values in access logs
  • Outbound requests from server to unexpected internal/external IPs

Network Indicators:

  • HTTP requests with manipulated Host headers
  • Server making requests to internal services not normally accessed

SIEM Query:

source="web_logs" AND (http_host!="expected_domain" OR http_host CONTAINS "internal_ip")

🔗 References
