CVE-2024-25181

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

29/12/2025

Last modified:

29/12/2025

Description

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file.

Impact

References to Advisories, Solutions, and Tools

https://gist.github.com/joaoviictorti/69cbae23d98fb9a1a4b3eee0c305c7de