Vulnerabilities > CVE-2025-2997

CVSS 6.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

CWE-918

NVD

Published: 2025-03-31

Updated: 2025-04-01

Summary

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/exp3n5ive/Vul/blob/main/youkefu/youkefu.pdf
https://vuldb.com/?ctiid.302046
https://vuldb.com/?id.302046
https://vuldb.com/?submit.524009

Vulnerabilities > CVE-2025-2997 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2025-2997"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2025-2997