CVE-2025-36845 · HIGH 8.6 · EPSS p70.7%

Description

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 1.49% probability of exploitation · percentile 70.7% · 2026-06-19T12:03:05Z
Published: 2025-07-21
Last modified: 2025-09-12

Underlying weaknesses · 1

CWE-918

References

  1. https://smartoffice.expert/en
  2. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-035.txt

Type | Target | Confidence | Tier
Weakness | Server-Side Request Forgery (SSRF), cwe-918 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-36846
CVE-2025-60739
CVE-2025-27217
CVE-2025-25235
CVE-2025-60279
CVE-2025-52362
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.