CVE-2023-53893
Severity CVSS v4.0:
MEDIUM
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
15/12/2025
Last modified:
18/12/2025
Description
Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations.
Impact
Base Score 4.0
5.30
Severity 4.0
MEDIUM
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ateme:titan_file:3.9.8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ateme:titan_file:3.9.9.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ateme:titan_file:3.9.11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ateme:titan_file:3.9.12.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.ateme.com/product-titan-software/
- https://www.exploit-db.com/exploits/51582
- https://www.vulncheck.com/advisories/ateme-titan-file-authenticated-server-side-request-forgery-vulnerability
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php