CVEPublished 2025-07-211 article on news6 live referencesNVD data

CVE-2025-36845

Vulnerability data via CVEDB (Shodan)

CVSS v3.1
8.6
HIGH
EPSS percentile
73
Exploit Prediction Scoring System · top 27% of all CVEs
Description

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.

Timeline
Published 2025-07-21

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub (5)