CVE-2025-22374

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure.

CVSS

No CVSS.

References

Link	Resource
https://csirt.divd.nl/CVE-2025-22374
https://csirt.divd.nl/DIVD-2024-00043/

Configurations

No configuration.

History

11 Apr 2025, 15:39

Type	Values Removed	Values Added
Summary		(es) Se descubrió una vulnerabilidad de Server-Side Request Forgery (SSRF) en el servicio web videx-legacy-ssl de CyberAudit-Web de Videx, que afecta a versiones anteriores a la 1.1.3. Esta vulnerabilidad ha sido corregida en versiones posteriores a la 1.1.3. Si no se soluciona este problema, se podría producir un acceso no autorizado a la infraestructura subyacente.

10 Apr 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-10 11:15

Updated : 2025-04-11 15:39

NVD link : CVE-2025-22374

Mitre link : CVE-2025-22374

CVE.ORG link : CVE-2025-22374

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-22374", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 6.0, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-10T11:15:44.587", "references": [{"url": "https://csirt.divd.nl/CVE-2025-22374", "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2024-00043/", "source": "csirt@divd.nl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "csirt@divd.nl", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx\u2019s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure."}, {"lang": "es", "value": " Se descubri\u00f3 una vulnerabilidad de Server-Side Request Forgery (SSRF) en el servicio web videx-legacy-ssl de CyberAudit-Web de Videx, que afecta a versiones anteriores a la 1.1.3. Esta vulnerabilidad ha sido corregida en versiones posteriores a la 1.1.3. Si no se soluciona este problema, se podr\u00eda producir un acceso no autorizado a la infraestructura subyacente."}], "lastModified": "2025-04-11T15:39:52.920", "sourceIdentifier": "csirt@divd.nl"}