Cyber Resilience

CVE-2025-28091

Severity: Critical · Public PoC available

Published: 28 March 2025
Modified: 07 April 2025
KEV Added: (not listed)
Patch: (not listed)
CVSS v3.1 base score: 9.1 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS score: 0.0018 (38.9th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-28091 is a critical-severity Server-Side Request Forgery (SSRF, CWE-918) vulnerability in Maccms (vendor: Maccms). Its CVSS v3.1 base score is 9.1 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 38.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST SP 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-28091 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting maccms10 version 2025.1000.4047. The issue arises in the Add Article functionality, which allows attacker-controlled requests to be issued from the server side. It has a CVSS v3.1 base score of 9.1 (Critical), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, indicating network accessibility, low attack complexity, no privileges or user interaction required, unchanged impact scope, high confidentiality and integrity impacts, and no availability impact. The vulnerability was published on 2025-03-28.

Any unauthenticated attacker with network access can exploit this SSRF vulnerability remotely. By abusing the Add Article feature, an attacker can cause the server to make requests on their behalf, potentially reaching internal services, bypassing firewall restrictions, or interacting with resources not directly exposed to the internet. Successful exploitation enables high-impact confidentiality breaches (reading sensitive data) and integrity violations (modifying internal state) without affecting availability.

Mitigation details and additional technical analysis are provided in advisories at https://www.yuque.com/morysummer/vx41bz/ax55rxv4u3our1ic and https://www.yuque.com/morysummer/vx41bz/xo5w1euakvtgenex. Security practitioners should review these for patching instructions or workarounds specific to maccms10.

EU & UK References

Vulnerability details

maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.

CWE(s): CWE-918 (Server-Side Request Forgery)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery (Discovery): Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

The SSRF vulnerability in the public-facing maccms10 Add Article feature enables remote, unauthenticated exploitation of the application (T1190) and facilitates internal network service discovery by forging requests to non-public resources (T1046).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-28089 (same product: Maccms Maccms)
CVE-2025-28090 (same product: Maccms Maccms)
CVE-2024-13924 (shared CWE-918)
CVE-2026-42860 (shared CWE-918)
CVE-2025-25785 (shared CWE-918)
CVE-2024-53705 (shared CWE-918)
CVE-2026-5418 (shared CWE-918)
CVE-2026-45082 (shared CWE-918)
CVE-2026-7065 (shared CWE-918)
CVE-2025-55150 (shared CWE-918)

Affected Assets

Vendor: maccms · Product: maccms · Version: 10.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assigned)

prevent: Directly prevents SSRF in the Add Article functionality by validating user-supplied inputs such as URLs to block forged server-side requests.

prevent: Enforces flow control policies to restrict the application server from initiating unauthorized requests to internal or external resources exploited via SSRF.

prevent / detect: Monitors and controls communications at system boundaries and internal interfaces to block or detect SSRF attempts reaching sensitive internal services.
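As an added illustration of the first control above (validating user-supplied URLs before the server fetches them), the following is example code written for this page, not maccms10's own code. It assumes a hypothetical validate_outbound_url function is called on any URL submitted through a feature such as Add Article before the server performs the request, and it uses a constructed DNS lookup table (SAMPLE_DNS) so the demo runs offline; it also checks the case where a private IPv4 address is supplied in IPv6-mapped form.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed lookup table standing in for DNS so the demo runs offline.
SAMPLE_DNS = {
    "cdn.example.net": {"93.184.216.34"},
    "intranet.example.net": {"10.0.0.5"},
    "split.example.net": {"93.184.216.34", "10.0.0.5"},
}

def sample_resolve(host):
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]

def live_resolve(host):
    # Every A/AAAA record is collected; all of them must pass the check.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public_address(ip_text):
    """True only for globally routable unicast addresses."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so it is judged as IPv4.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def validate_outbound_url(url, resolve=live_resolve):
    # Returns (ok, reason); anything that could reach a non-public host is refused.
    parts = urlsplit(url.strip())
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password or not parts.hostname:
        return False, "bad authority"
    try:  # literal IPs (including bracketed IPv6) are judged directly
        addresses = {str(ipaddress.ip_address(parts.hostname))}
    except ValueError:
        try:
            addresses = resolve(parts.hostname)
        except OSError:
            return False, "unresolvable host"
    if not addresses or not all(is_public_address(a) for a in addresses):
        return False, "non-public address"
    return True, "ok"
```

Because the address is checked before the fetch, a DNS rebinding race remains unless the HTTP client is pinned to the validated address, so this input check (SI-10) should be paired with the egress flow control (AC-4) listed above.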

References