CVE-2025-22374

SSRF in CyberAudit-Web videx-legacy-ssl

CVE

CVE-2025-22374

Title

SSRF in CyberAudit-Web videx-legacy-ssl

Credits

Hidde Smit (DIVD) (finder)
Wietse Boonstra (DIVD) (finder)
Max van der Horst (DIVD) (analyst)

Affected products

Product	Affected	Unaffected	Unknown
Videx Inc. CyberAudit-Web	= <= 1.1.3 ()
Videx Inc. CyberAudit-Web		everything else

CVSS

Base score	6 - MEDIUM
Attack Vector	NETWORK
Attack Complexity>	LOW
Attack Requirements	PRESENT
Privileges Required	LOW
Confidentiality Impact
Vulnerable system	HIGH	Subsequent systems	LOW
Integrity Impact
Vulnerable system	NONE	Subsequent systems	LOW
Availability Impact
Vulnerable system	NONE	Subsequent systems	NONE
Safety impact	NEGLIGIBLE
Automatable	YES
Recovery	AUTOMATIC
Value Density	DIFFUSE
Vulnerability Response effort	LOW
Provider Urgency	GREEN

References

https://csirt.divd.nl/CVE-2025-22374 ( third-party-advisory )
https://csirt.divd.nl/DIVD-2024-00043/ ( third-party-advisory )

Problem type(s)

CWE-918 Server-Side Request Forgery (SSRF)

Impact(s)

CAPEC-664 Server Side Request Forgery

Date published

Last modified

Description

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure.

JSON version.

DIVD CSIRT

CVE-2025-22374

SSRF in CyberAudit-Web videx-legacy-ssl

Description