CVE-2025-11864
Severity CVSS v4.0:
MEDIUM
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
16/10/2025
Last modified:
16/10/2025
Description
A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The attack may be performed from remote.
Impact
Base Score 4.0
6.90
Severity 4.0
MEDIUM
Base Score 3.x
7.30
Severity 3.x
HIGH
Base Score 2.0
7.50
Severity 2.0
HIGH