216.73.217.64

CVE-2025-32358

· Published 05/04/2025 21:15 · Modified 05/04/2025 21:15

Labels: CVE-2025-32358 2025-04-05CVE-2025-32358CWE-918[email protected]

Essential information

Published
05/04/2025 21:15
Modified
05/04/2025 21:15
Author
Creator
CVSS
4.0 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

CVSS metrics

Description

In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests for example in the local network.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zammad / zammad cpe:2.3:a:zammad:zammad:<6.4.2:*:*:*:*:*:*:*

References