CVE-2025-0474
Published: 14 January 2025
Summary
CVE-2025-0474 is a high-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); it is ranked at the 45.2nd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-0474 is an authenticated Server-Side Request Forgery (SSRF) vulnerability in Invoice Ninja, affecting versions from 5.8.56 through 5.11.23. The flaw, tied to CWE-918, enables arbitrary file reads and network resource requests executed as the application user. It carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N), highlighting high confidentiality impact with changed scope.
Authenticated users with low privileges (PR:L) can exploit this over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation allows reading sensitive arbitrary files on the server and issuing requests to internal or external network resources under the application's user context, potentially exposing confidential data or enabling further reconnaissance and pivoting.
Vendor patches address the issue, as detailed in GitHub commit 2a9bf353b432d7060e85487b617151ecbc36247d and in the GitHub compare view between commits 97ae948618230c1812f3223b80bf22dcb0382dc5 and 435780932fe19063001d79ba518815df62773d71. Additional mitigation guidance appears in the VulnCheck advisory at https://vulncheck.com/advisories/invoice-ninja-ssrf.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1699
Vulnerability details
Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SSRF directly enables arbitrary local file reads (T1005) and internal network requests facilitating remote system and service discovery (T1018, T1046).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the SSRF vulnerability through timely identification, reporting, and application of vendor-provided patches for affected Invoice Ninja versions.
- SI-10 (Information Input Validation): Validates user inputs at the points where they are used to construct server-side requests, preventing SSRF exploitation for arbitrary file reads and network resource access.
- Least privilege: Limits the application user's privileges to the minimum necessary, reducing the impact of SSRF by restricting access to sensitive files and network resources.
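As an added example of the SI-10 style input-validation control described above (this is illustrative code, not Invoice Ninja's own, and the helper name `validate_outbound_url` and its injectable `resolver` parameter are assumptions so the check can run offline): a user-supplied URL is accepted only if it is an http(s) target that maps to a public address, which rules out both the local file reads and the internal network requests this CVE is described as enabling.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added illustration (not Invoice Ninja code): validate a user-supplied URL
# before the server fetches it. Only public http(s) targets pass, which rules
# out file:// reads and requests to loopback/private/link-local addresses.
ALLOWED_SCHEMES = {"http", "https"}


def _default_resolver(host):
    """Real DNS lookup: every address the host currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _is_public(ip):
    """True only for globally routable unicast addresses."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return not (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_outbound_url(url, resolver=_default_resolver):
    """Return (ok, reason); ok is True only for a public http(s) target.

    `resolver` is injectable so the check can be unit-tested offline. In
    production, connect to the address validated here (not a fresh lookup,
    to defeat DNS rebinding) and re-run the check on every redirect.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    try:
        addrs = {str(ipaddress.ip_address(host))}  # literal IP in the URL
    except ValueError:
        try:
            addrs = set(resolver(host))  # hostname: check what it resolves to
        except OSError:
            return False, f"cannot resolve {host!r}"
    if not addrs:
        return False, f"no addresses for {host!r}"
    for addr in addrs:
        if not _is_public(ipaddress.ip_address(addr)):
            return False, f"{host!r} maps to non-public address {addr}"
    return True, "ok"
```

Pair this with an HTTP client configured not to follow redirects automatically, so each hop passes through the same check.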