
CVE-2025-52362

Severity: Critical
Published: 21 July 2025
Modified: 15 April 2026
KEV: not listed
CVSS v3.1 score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS score: 0.0026 (49.9th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-52362 is a critical-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 49.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-4 (Information Flow Enforcement).

Deeper analysis

CVE-2025-52362, published on 2025-07-21, is a Server-Side Request Forgery (SSRF) vulnerability classified under CWE-918 in the URL processing functionality of PHProxy version 1.1.1 and prior. The issue stems from inadequate input validation for the _proxurl parameter, which can be bypassed by attackers submitting malicious input.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Successful exploitation allows the attacker to submit a specially crafted URL, potentially leading to high confidentiality and integrity impacts through unauthorized server-side requests.

Mitigation details and additional information are available in the referenced advisories, including a Gist at https://gist.github.com/Shulelk/a18c11866be8609b22ff5df780a42422 and the PHProxy GitHub repository at https://github.com/PHProxy/phproxy.

Vulnerability details

A Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl parameter can be bypassed, allowing a remote, unauthenticated attacker to submit a specially crafted URL.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF in public-facing PHProxy directly matches exploitation of a public-facing application (T1190) via crafted external requests.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-6514 (shared CWE-918)
CVE-2026-44116 (shared CWE-918)
CVE-2026-21887 (shared CWE-918)
CVE-2026-31910 (shared CWE-918)
CVE-2026-48153 (shared CWE-918)
CVE-2026-45298 (shared CWE-918)
CVE-2026-39362 (shared CWE-918)
CVE-2026-31989 (shared CWE-918)
CVE-2025-27652 (shared CWE-918)
CVE-2026-42352 (shared CWE-918)

Affected Assets

PHProxy (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-10 (Information Input Validation). Directly addresses the core issue of inadequate input validation for the _proxurl parameter by requiring comprehensive checks on URL inputs to block SSRF exploitation.

Prevent / detect: boundary protection. Monitors and controls communications at system boundaries to block or detect unauthorized outbound requests triggered by SSRF to internal resources.

Prevent: AC-4 (Information Flow Enforcement). Enforces information flow control policies to restrict server-side requests from reaching unauthorized destinations exploited via SSRF.
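The two controls named above, input validation on the destination URL (SI-10) and flow enforcement on where the server is allowed to connect (AC-4), are easiest to see together in code. The following is an added example, written for this page in Python rather than PHP; it is not PHProxy's code and is not a fix for the _proxurl handling described here. It assumes a hypothetical proxy policy (only http/https, only ports 80 and 443, no userinfo) and, so that it runs offline, replaces DNS with a constructed lookup table of made-up `.test` hostnames. The function resolves the hostname and checks every returned address against loopback, link-local, private and multicast ranges, unwrapping IPv4-mapped IPv6 literals so they are judged as their IPv4 form, and returns the address it accepted so the caller can connect to that pinned address rather than resolving a second time.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical destination policy for a web proxy (assumed for this example).
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

# Address ranges a server-side fetcher should never be allowed to reach.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

# Constructed offline lookup table standing in for DNS; these are not real hosts.
FAKE_DNS = {
    "www.example.test": ["93.184.216.34"],
    "intranet.example.test": ["10.0.0.5"],
    "dual.example.test": ["93.184.216.34", "fc00::1"],
}


class DestinationRejected(ValueError):
    """Raised when a requested proxy target violates the policy."""


def table_resolve(host):
    """Resolver used by this example: consults FAKE_DNS instead of real DNS."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed table has no entry for {host}")
    return FAKE_DNS[host]


def system_resolve(host):
    """Real resolver for production use (not exercised by the offline test)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def _is_blocked(ip):
    # Judge ::ffff:10.0.0.1 as 10.0.0.1 so mapped literals cannot slip past v4 rules.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def validate_proxy_target(raw_url, resolve=table_resolve):
    """Return (scheme, host, port, pinned_ip) for an acceptable target, else raise.

    SI-10: syntactic checks on the URL. AC-4: the resolved destination must lie
    outside every blocked range, and the caller connects to the returned address.
    """
    if not isinstance(raw_url, str) or not raw_url or len(raw_url) > 2048:
        raise DestinationRejected("url missing or too long")
    parts = urlsplit(raw_url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise DestinationRejected(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise DestinationRejected("userinfo in URL not allowed")
    host = parts.hostname  # already lowercased, IPv6 brackets stripped
    if not host:
        raise DestinationRejected("empty host")
    try:
        port = parts.port
    except ValueError as exc:
        raise DestinationRejected("invalid port") from exc
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        raise DestinationRejected(f"port not allowed: {port}")
    try:
        addrs = [ipaddress.ip_address(host)]  # host given as an IP literal
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except (socket.gaierror, ValueError) as exc:
            raise DestinationRejected("host does not resolve") from exc
    if not addrs:
        raise DestinationRejected("host resolved to no addresses")
    # Every address must pass: a name with one public and one private record is rejected.
    for ip in addrs:
        if _is_blocked(ip):
            raise DestinationRejected(f"destination {ip} is in a blocked range")
    return scheme, host, port, str(addrs[0])


def check(raw_url, resolve=table_resolve):
    """Convenience wrapper: ('ok', pinned_ip) or ('rejected', reason)."""
    try:
        _, _, _, ip = validate_proxy_target(raw_url, resolve)
        return ("ok", ip)
    except DestinationRejected as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    for url in ("https://www.example.test/page", "http://intranet.example.test/",
                "http://[::ffff:127.0.0.1]/", "http://169.254.169.254/latest/",
                "ftp://www.example.test/", "http://www.example.test:8080/"):
        print(f"{url:45} -> {check(url)}")
```

Two design points carry the AC-4 half of the control. First, the check must be repeated for every hop: if the proxy follows redirects, the redirect target is a new destination and goes through `validate_proxy_target` again. Second, the caller should open the connection to the returned pinned address and send the original hostname in the Host header (or SNI), so that the address actually contacted is the one that was checked, which is also what boundary-protection logging at the egress point should record.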
