CVE-2025-48739

Severity CVSS v4.0:

MEDIUM

Type:

CWE-918 Server-Side Request Forgery (SSRF)

Publication date:

23/05/2025

Last modified:

28/05/2025

Description

A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct requests to unexpected hosts or ports. This allows the attacker to use a TheHive server as a proxy to reach internal or otherwise restricted resources. This could be exploited to access other servers on the internal network.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L CVSS v4.0 Severity and Metrics:

Base Score: 4.60 MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): High
User Interaction (UI): Active
Confidentiality (VC): Low
Integrity (VI): None
Availability (VA): None
Confidentiality (SC): Low
Integrity (SI): Low
Availability (SA): Low

Base Score 4.0

4.60

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-002.md