216.73.217.98

CVE-2025-46651

· Published 03/02/2026 18:16 · Modified 04/02/2026 16:34

Labels: CVE-2025-46651 2026-02-03CVE-2025-46651CWE-918[email protected]

Essential information

Published
03/02/2026 18:16
Modified
04/02/2026 16:34
Author
Creator
CVSS
9.1 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS metrics

Description

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain name. This may lead to unauthorized port scanning or access to internal-only services.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
tiny file manager / tiny file manager cpe:2.3:a:tiny_file_manager:tiny_file_manager:<2.6:*:*:*:*:*:*:*

References