CVE-2025-10695
OpenSupports 4.11.0 — SSRF via test imap and smtp endpoints
Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction.
This issue affects OpenSupports: 4.11.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
OpenSupports · OpenSupports¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →