CVE-2025-13809
Severity CVSS v4.0:
MEDIUM
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
01/12/2025
Last modified:
01/12/2025
Description
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.
Impact
Base Score 4.0
5.30
Severity 4.0
MEDIUM
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Base Score 2.0
6.50
Severity 2.0
MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md
- https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md#proof-of-concept
- https://vuldb.com/?ctiid_333819=
- https://vuldb.com/?id_333819=
- https://vuldb.com/?submit_692069=
- https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md
- https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md#proof-of-concept