CVE-2025-48739: A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0...

4.6 CVSS

Description

A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct requests to unexpected hosts or ports. This allows the attacker to use a TheHive server as a proxy to reach internal or otherwise restricted resources. This could be exploited to access other servers on the internal network.

Classification

CVE ID: CVE-2025-48739

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.6

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L

Problem Types

CWE-918 Server-Side Request Forgery (SSRF)

Affected Products

Vendor: StrangeBee

Product: TheHive

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (probability of being exploited)

EPSS Percentile: 32.73% (share of all scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-18 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-48739
https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-002.md

Timeline