Cyber Resilience

CVE-2026-7025

Medium

Published: 26 April 2026

Modified: 29 April 2026
KEV Added: (none)
Patch: (none)
CVSS Score v4: 5.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0005 (17.3rd percentile)
Risk Priority: 11 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-7025 is a medium-severity SSRF (CWE-918) vulnerability in Github (inferred from references). Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 17.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-7025 is a server-side request forgery (SSRF) vulnerability in Typecho versions up to 1.3.0. It affects the Service::sendPingHandle function in the file var/Widget/Service.php, part of the Ping Back Service Endpoint. The issue arises from manipulation of the X-Pingback/link argument, which lets remote attackers cause the server to issue requests to a destination of their choosing.

The vulnerability can be exploited remotely by unauthenticated attackers with network access, as indicated by its CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation enables limited impact on confidentiality, integrity, and availability through SSRF, potentially allowing attackers to interact with internal services or resources inaccessible from the internet.

Advisories from VulDB (including submit/797772, vuln/359605, and vuln/359605/cti) and a detailed report on wang1rrr.github.io describe the flaw but note no vendor response despite early contact. No patches or official mitigations are mentioned, so affected systems must rely on disabling the Ping Back Service Endpoint or on input validation as workarounds.

An exploit for this vulnerability has been made public, increasing the risk of active exploitation in unpatched Typecho installations.

EU & UK References

Vulnerability details

A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

An SSRF vulnerability in a public-facing Typecho web application, exploitable remotely without authentication, directly enables T1190: initial access by exploiting a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-6514 (shared CWE-918)
CVE-2026-44116 (shared CWE-918)
CVE-2026-21887 (shared CWE-918)
CVE-2026-31910 (shared CWE-918)
CVE-2026-48153 (shared CWE-918)
CVE-2026-45298 (shared CWE-918)
CVE-2026-39362 (shared CWE-918)
CVE-2026-31989 (shared CWE-918)
CVE-2025-27652 (shared CWE-918)
CVE-2026-42352 (shared CWE-918)

Affected Assets

Github (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

SI-10 Information Input Validation (prevent): Directly mitigates the SSRF by validating the manipulated X-Pingback/link argument in the Ping Back Service Endpoint before any request is issued.

CM-7 Least Functionality (prevent): Prevents exploitation by restricting the system to least functionality, for example by disabling the unnecessary Ping Back Service Endpoint.

Boundary control (prevent, detect): Provides defense-in-depth by monitoring and controlling outbound communications at network boundaries, blocking SSRF attempts that target internal resources.
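The SI-10 control above comes down to checking a pingback target before the server fetches it. The following is an added illustration of such a check, not Typecho's code and not a patch for CVE-2026-7025; it is written in Python rather than PHP so it can be run stand-alone. It restricts the URL to http/https on standard ports, resolves the hostname, rejects any answer that is loopback, private, link-local, multicast, reserved or unspecified (including IPv4-mapped IPv6 forms), and returns the address it checked so the caller can connect to exactly that address rather than re-resolving (which closes the DNS-rebinding window). The resolver hook, the port allow-list and the `CONSTRUCTED_DNS` table are assumptions made for this example.

```python
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

# Design choices for this example (not from Typecho): only web schemes, only
# the standard web ports. Tighten or loosen to fit the deployment.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Resolve with getaddrinfo and return every A/AAAA answer as text."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip_text: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text)
    # ::ffff:127.0.0.1 must be judged as 127.0.0.1, not as an IPv6 global.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_pingback_target(url: str, resolve: Resolver = system_resolver) -> Tuple[bool, str, str]:
    """Return (ok, reason, pinned_ip).

    pinned_ip is the address that was checked; the caller should connect to
    it (sending the original Host header) instead of resolving the name again.
    """
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}", ""
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", ""
    if parts.username or parts.password:
        return False, "credentials in URL not allowed", ""
    host = parts.hostname
    if not host:
        return False, "missing host", ""
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port", ""
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed", ""
    try:
        addresses = resolve(host)
    except OSError as exc:  # socket.gaierror is an OSError
        return False, f"resolution failed: {exc}", ""
    if not addresses:
        return False, "no addresses", ""
    # Every answer must be public: a name that mixes a public and an internal
    # address is treated as hostile rather than picked through.
    for addr in addresses:
        try:
            if not is_public_address(addr):
                return False, f"{host} resolves to non-public {addr}", ""
        except ValueError:
            return False, f"unparseable address {addr!r}", ""
    return True, "ok", addresses[0]


# Constructed DNS data so the example runs offline; not real records.
CONSTRUCTED_DNS = {
    "blog.example.org": ["93.184.216.34"],               # constructed public host
    "internal.corp.example": ["10.0.0.12"],              # constructed RFC 1918 host
    "rebind.example": ["93.184.216.34", "127.0.0.1"],    # constructed mixed answers
}


def constructed_resolver(host: str) -> List[str]:
    """Stand-in for system_resolver: IP literals resolve to themselves."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        pass
    if host in CONSTRUCTED_DNS:
        return CONSTRUCTED_DNS[host]
    raise socket.gaierror(f"constructed resolver has no record for {host}")


if __name__ == "__main__":
    for candidate in [
        "http://blog.example.org/post/1",
        "http://127.0.0.1/",
        "http://[::ffff:10.0.0.12]/",
        "http://rebind.example/",
        "file:///etc/passwd",
        "https://blog.example.org:8443/",
    ]:
        ok, reason, ip = validate_pingback_target(candidate, constructed_resolver)
        print(f"{'ALLOW' if ok else 'DENY':5} {candidate} -> {reason}")
```

Replace `constructed_resolver` with the default `system_resolver` in a real deployment. Because the check resolves the name itself, integer and octal host spellings that the platform resolver accepts are judged by the address they map to rather than by their text, and a host that changes answers between check and fetch is defeated by connecting to the pinned address.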

References