CVE-2025-28091
Published: 28 March 2025
Summary
CVE-2025-28091 is a critical-severity Server-Side Request Forgery (SSRF, CWE-918) vulnerability in Maccms (maccms10). Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 38.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-28091 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting maccms10 version 2025.1000.4047. The issue arises via the Add Article functionality, allowing forged requests from the server side. It has a CVSS v3.1 base score of 9.1 (Critical), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, indicating network accessibility, low attack complexity, no privileges or user interaction required, unchanged impact scope, high confidentiality and integrity impacts, and no availability impact. The vulnerability was published on 2025-03-28.
Any unauthenticated attacker with network access can exploit this SSRF vulnerability remotely. By leveraging the Add Article feature, an attacker can trick the server into making unauthorized requests, potentially accessing internal services, bypassing firewalls, or interacting with resources not directly exposed to the internet. Successful exploitation enables high-level confidentiality breaches, such as reading sensitive data, and integrity violations, like modifying internal states, without disrupting availability.
Mitigation details and additional technical analysis are provided in advisories at https://www.yuque.com/morysummer/vx41bz/ax55rxv4u3our1ic and https://www.yuque.com/morysummer/vx41bz/xo5w1euakvtgenex. Security practitioners should review these for patching instructions or workarounds specific to maccms10.
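The input-validation control the summary recommends (SI-10) comes down to one decision: before the server fetches a user-supplied URL on a user's behalf, decide whether that destination is one the server should ever reach. The following is an added example of such a check, written for this page and not taken from maccms10 or the linked advisories. It assumes nothing about maccms10's internals; the ".example.test" hostnames, the constructed resolver table and the sample URLs are made up so that it runs offline, and `system_resolver` is the only part that touches the network.

```python
"""Destination validation for user-supplied URLs fetched server-side (an SI-10 style check).

Added example, not maccms10 code. The ".example.test" hostnames, the constructed
resolver table and the sample URLs are assumptions made for an offline demo.
"""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List
from urllib.parse import urlsplit

# Networks a server should never fetch from on a user's behalf: "this host",
# RFC 1918, CGNAT, loopback, link-local (where cloud instance-metadata services
# sit), plus the IPv6 unspecified, loopback, unique-local, link-local and
# IPv4-mapped ranges.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]

Resolver = Callable[[str], Iterable[str]]

def system_resolver(host: str) -> List[str]:
    """Resolve through the OS; every A/AAAA answer is checked, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

# Constructed DNS answers so the demo runs with no network access.
CONSTRUCTED_DNS: Dict[str, List[str]] = {
    "cdn.example.test": ["203.0.113.10"],
    "split.example.test": ["203.0.113.20", "10.0.0.5"],  # one public, one private answer
}

def constructed_resolver(host: str) -> List[str]:
    return CONSTRUCTED_DNS.get(host.lower(), [])

def validate_outbound_url(url: str, allowed_hosts: Iterable[str] = (),
                          resolver: Resolver = system_resolver) -> str:
    """Return url if it is safe to fetch server-side; raise ValueError with the reason.

    Order of checks: scheme is http/https; no userinfo in the authority; a host is
    present; host is on the allowlist when one is given; the literal IP, or every
    address the host resolves to, lies outside BLOCKED_NETWORKS.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    allowed = {h.lower() for h in allowed_hosts}
    if allowed and host.lower() not in allowed:
        raise ValueError(f"host not on allowlist: {host!r}")
    try:
        addrs = [ipaddress.ip_address(host)]          # literal IP (v4 or v6)
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except OSError as exc:                        # socket.gaierror and friends
            raise ValueError(f"host did not resolve: {host!r}") from exc
    if not addrs:
        raise ValueError(f"host did not resolve: {host!r}")
    for ip in addrs:
        if any(ip in net for net in BLOCKED_NETWORKS):
            raise ValueError(f"destination {ip} is in a blocked network")
    return url

def is_allowed(url: str, allowed_hosts: Iterable[str] = (),
               resolver: Resolver = constructed_resolver) -> bool:
    """Boolean wrapper around validate_outbound_url."""
    try:
        validate_outbound_url(url, allowed_hosts, resolver)
        return True
    except ValueError:
        return False

def check_samples(resolver: Resolver = constructed_resolver) -> Dict[str, str]:
    """Run constructed sample URLs (no allowlist) and map each to its verdict."""
    samples = [
        "https://cdn.example.test/images/cover.jpg",
        "ftp://cdn.example.test/cover.jpg",
        "http://user:secret@cdn.example.test/",
        "http://[::ffff:127.0.0.1]/",
        "http://169.254.1.1/",
        "http://split.example.test/",
        "http://nonexistent.example.test/",
    ]
    verdicts: Dict[str, str] = {}
    for url in samples:
        try:
            validate_outbound_url(url, resolver=resolver)
            verdicts[url] = "allowed"
        except ValueError as exc:
            verdicts[url] = f"blocked: {exc}"
    return verdicts

if __name__ == "__main__":
    for url, verdict in check_samples().items():
        print(f"{verdict:55} {url}")
```

Two caveats apply when wiring a check like this into a real fetch. First, the resolution here happens at validation time; if the HTTP client resolves the name again when it connects, a name whose answer changes between the two lookups (DNS rebinding) slips past, so connect to the address that was validated, or re-run the check inside the client's connection hook. Second, redirects are a second request with a new destination, so either disable automatic redirects or validate each redirect target the same way.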
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8658
Vulnerability details
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
- CWE(s): CWE-918 (Server-Side Request Forgery)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The SSRF vulnerability in the public-facing maccms10 Add Article feature enables remote, unauthenticated exploitation of the application (Exploit Public-Facing Application, T1190) and facilitates internal network service discovery by forging requests to non-public resources (Network Service Discovery, T1046).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents SSRF in the Add Article functionality by validating user-supplied inputs such as URLs to block forged server-side requests.
- AC-4 (Information Flow Enforcement): enforces flow control policies that restrict the application server from initiating unauthorized requests to internal or external resources reachable via SSRF.
- SC-7 (Boundary Protection): monitors and controls communications at system boundaries and key internal interfaces to block or detect SSRF attempts reaching sensitive internal services.