CVE-2025-32358

MEDIUM Year: 2025
CVSS v3 Score
4.1
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests for example in the local network.

Related Vulnerabilities

CVE-2018-13404

MEDIUM
CVSS:4.1(Medium)

The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9....

CWE-9182018

CVE-2019-6512

MEDIUM
CVSS:4.1(Medium)

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF netwo...

CWE-9182019

CVE-2024-49822

MEDIUM
CVSS:4.1(Medium)

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading ...

CWE-9182024

CVE-2024-56275

MEDIUM
CVSS:4.1(Medium)

Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14.

CWE-9182024

CVE-2025-27907

MEDIUM
CVSS:4.1(Medium)

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially le...

CWE-9182025

CVE-2024-39338

MEDIUM
CVSS:4.0(Medium)

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

CWE-9182024