CVE-2025-11864

Severity CVSS v4.0:
MEDIUM
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
16/10/2025
Last modified:
16/10/2025

Description

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The attack may be performed from remote.