CVE-2025-7759

6.3 MEDIUM

📋 TL;DR

CVE-2025-7759 is a Server-Side Request Forgery (SSRF) vulnerability in the UEditor image grabber component of thinkgem JeeSite. The grabber fetches the URL supplied in the 'Source' parameter on the server side, so an attacker who controls that parameter can make the JeeSite server issue requests to internal systems on their behalf. JeeSite versions up to and including 5.12.0 are affected when the image grabber is enabled.

💻 Affected Systems

Products:
  • thinkgem JeeSite
Versions: Up to and including 5.12.0
Operating Systems: All platforms running JeeSite
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the UEditor image grabber component to be enabled and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

The attacker uses the JeeSite server as a proxy into the network it sits in: reaching admin interfaces and services bound to localhost or private address ranges, cloud instance-metadata endpoints where the host runs in a cloud environment, exfiltrating whatever those return, and pivoting from there to other internal systems.

🟠 Likely Case

Information disclosure from internal services and mapping of the internal network (host and port discovery from response status and timing), with possible data exfiltration.

🟢 If Mitigated

Limited impact if outbound traffic from the server is segmented and the 'Source' URL is validated, though a reachable grabber endpoint still lets an attacker probe whatever the server is allowed to reach.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists on GitHub, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 1c5e49b0818037452148e0f8ff69ed04cb8fefdc

Vendor Advisory: https://github.com/thinkgem/jeesite5/issues/27

Restart Required: Yes

Instructions:

1. Upgrade to a JeeSite build that contains commit 1c5e49b, or cherry-pick that commit onto your deployed source and rebuild.
2. Deploy the updated build to every JeeSite instance.
3. Restart the JeeSite application server; the fix is not live until the running application has been restarted.

🔧 Temporary Workarounds

Disable UEditor Image Grabber (applies to: all platforms)

Disable the image grabber (remote-image fetch) in the JeeSite/UEditor configuration if editors do not need it. Afterwards confirm that the grabber endpoint no longer accepts requests; a feature that is only hidden from the editor toolbar but still served by the application is still exploitable.

Network Segmentation (applies to: all platforms)

Restrict outbound access from the JeeSite server to the services it genuinely needs (database, mail, configured upstreams). Enforce this with host or network firewall egress rules, and include the link-local range so the cloud metadata address cannot be reached from the application.

🧯 If You Can't Patch

  • Validate the 'Source' parameter server-side before fetching: allow only http and https, refuse credentials in the URL, resolve the hostname and reject any answer in loopback, private, link-local, CGNAT or multicast space, then connect to the address you validated (not a fresh lookup) and treat redirects the same way. A regex on the raw string is not enough: decimal, hex and IPv4-mapped IPv6 literals, and DNS names that point at internal addresses, all bypass it.
  • Deploy a web application firewall (WAF) with SSRF rules as defence in depth, not as the primary control; it sees only the encoded request and is bypassed by the same literal-encoding tricks and by attacker-controlled DNS names.
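The validation described above, written out as an added example (this is illustrative code, not JeeSite's or UEditor's own implementation). It takes the 'Source' value, checks scheme, userinfo and port, resolves the host and rejects any answer in internal space, and returns the resolved address so the caller can connect to exactly what was checked. The resolver is injectable so the check can be exercised offline; `FAKE_DNS`, `fake_resolver` and the hostnames and addresses in them are constructed for the demonstration.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Added example, not JeeSite or UEditor code: a server-side allow-list check
# for a user-supplied image URL (the 'Source' value) before the server fetches it.

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def is_internal_address(ip_str):
    """Deny-list of destinations an image grabber must never reach: loopback,
    RFC 1918, link-local (covers 169.254.169.254), CGNAT 100.64/10, multicast,
    reserved and unspecified, plus IPv4-mapped IPv6 forms of the same
    (::ffff:127.0.0.1). Python's is_private also covers the documentation
    ranges, which is acceptable for a deny-list."""
    ip = ipaddress.ip_address(ip_str)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or ip in ipaddress.ip_network("100.64.0.0/10"))


def resolve_host(host):
    """Default resolver: every A/AAAA answer for host (all of them must pass)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_source(url, resolver=resolve_host):
    """Return (ok, reason, pinned_ip). On success the caller must connect to
    pinned_ip (setting the Host header itself) instead of resolving again, or a
    DNS-rebinding attacker can swap in an internal address between check and
    use. Redirect targets must go through this same check, or not be followed."""
    parsed = urlparse(url.strip())
    scheme = parsed.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {scheme or '(none)'}", None
    if parsed.username is not None or parsed.password is not None:
        return False, "userinfo not allowed", None
    host = parsed.hostname
    if not host:
        return False, "missing host", None
    try:
        port = parsed.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False, "malformed port", None
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}", None
    try:
        ips = resolver(host)
    except OSError:  # socket.gaierror is a subclass
        ips = []
    if not ips:
        return False, f"unresolvable host: {host}", None
    # Every answer must be external; a mixed answer set is a rebinding tell.
    for ip in ips:
        if is_internal_address(ip):
            return False, f"{host} resolves to internal address {ip}", None
    return True, "ok", ips[0]


# Constructed DNS answers for offline demonstration; not real records.
FAKE_DNS = {
    "images.example.com": ["23.45.67.89"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example.net": ["23.45.67.90", "10.0.0.5"],
    "localhost": ["127.0.0.1", "::1"],
}


def fake_resolver(host):
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    try:
        return [str(ipaddress.ip_address(host))]  # IP literal used as host
    except ValueError:
        raise socket.gaierror(f"constructed: no record for {host}")


if __name__ == "__main__":
    for u in ["https://images.example.com/cat.png", "http://127.0.0.1:8080/admin",
              "http://metadata.internal/latest/meta-data/", "http://rebind.example.net/x",
              "file:///etc/passwd", "http://[::ffff:127.0.0.1]/",
              "http://user@images.example.com/"]:
        print(u, "->", validate_source(u, fake_resolver))
```

The check is deliberately applied to every address the name resolves to and the winning address is returned for pinning; validating the string and then letting an HTTP client resolve and follow redirects on its own is how most "fixed" SSRF endpoints get re-exploited.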

🔍 How to Verify

Check if Vulnerable:

Vulnerable if the JeeSite version is 5.12.0 or earlier and the UEditor image grabber is enabled. Treat it as exploitable if the grabber endpoint answers requests from a client that has not logged in, since no authentication is required for the exploit.

Check Version:

Check JeeSite version in application properties or via admin interface

Verify Fix Applied:

Confirm that commit 1c5e49b is present in the deployed code (not only in the repository) and test that a Source value pointing at a loopback address, for example http://127.0.0.1/, is rejected rather than fetched.

📡 Detection & Monitoring

Log Indicators:

  • Access-log requests to the UEditor image grabber endpoint whose Source parameter names a loopback, private, link-local (169.254.169.254) or non-http(s) target, especially many in quick succession from one client (internal port scanning through the server)
  • Application or proxy logs showing the JeeSite server fetching internal IP addresses or localhost on behalf of the UEditor component

Network Indicators:

  • Outbound connections from the JeeSite server to internal services it does not normally talk to, or to the cloud metadata address
  • Inbound requests to the grabber endpoint carrying URL-encoded, decimal or hex IP literals, or IPv4-mapped IPv6 addresses, in the Source parameter

SIEM Query:

Two queries are needed, because the request and the resulting connection land in different log sources (pseudo-syntax, adapt to your SIEM):

Inbound (web access logs):
uri_path CONTAINS "ueditor" AND query_param("Source") MATCHES "(localhost|127\.|10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.|169\.254\.|\[::1\]|file:|gopher:|dict:)"

Outbound (firewall or flow logs):
src_ip="<JeeSite server>" AND (dest_ip IN internal_ranges OR dest_ip IN 127.0.0.0/8 OR dest_ip=169.254.169.254) AND NOT dest_ip IN known_dependencies
