CVE-2025-36845
Published 2025-07-21
Priority: P2 (60) · Severity: high · CVSS 3.1: 8.6
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 1.58% (72.5th percentile)
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eveo | urve_web_manager | — | — |
Detection & IOCs (extracted from sources)
- URL: {{BaseURL}}/_internal/redirect.php?url=http://{{interactsh-url}}
- Other (fingerprint): html:"URVE Web Manager"
- Check for HTTP GET requests to /_internal/redirect.php with a user-supplied 'url' parameter — this is the SSRF vector.
- Confirm the target is Eveo URVE Web Manager by checking for the string 'URVE Web Manager' in the HTTP response body of the login page (/urve/site/login.html?lang=en).
- Use out-of-band (OOB/OAST) DNS interaction detection to confirm SSRF exploitation — a DNS callback from the server indicates successful SSRF.
- Shodan fingerprinting query to identify exposed instances: html:"URVE Web Manager"
- Exploitation requires the attacker to first confirm the target is running Eveo URVE Web Manager 27.02.2025 before attempting the SSRF payload.
- The SSRF can be used to reach internal endpoints not directly accessible from the internet — the scope of impact depends on internal network topology.
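The first detection bullet above (GET requests to /_internal/redirect.php carrying a 'url' parameter) can be turned into a log check. The following is an added example written for this page, not code from the advisory, the Nuclei template or Eveo; it assumes Apache/Nginx combined access-log format, and the sample log lines embedded in it are constructed. It flags every request to the vulnerable endpoint and additionally classifies the requested target as internal (loopback, RFC 1918, link-local) or external, since requests toward internal addresses are the ones that match the impact described in this advisory.

```python
"""Access-log check for CVE-2025-36845 (SSRF via /_internal/redirect.php).

Added example for this page; not part of the advisory or of the vendor's
code. Assumes the Apache/Nginx combined log format. Sample lines are constructed.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format: client ident user [timestamp] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

VULN_PATH = "/_internal/redirect.php"   # endpoint named in the advisory


def classify_target(target: str) -> str:
    """Classify the value of the 'url' parameter as 'internal', 'external' or 'malformed'."""
    host = urlsplit(target).hostname
    if not host:
        return "malformed"
    if host == "localhost":
        return "internal"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: cannot tell without resolving; OOB callback domains land here.
        return "external"
    if ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved:
        return "internal"
    return "external"


def scan_line(line: str):
    """Return an alert dict if the line is a redirect.php request with a 'url' param, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = urlsplit(m.group("path"))
    if req.path != VULN_PATH:
        return None
    urls = parse_qs(req.query).get("url")   # parse_qs percent-decodes the value
    if not urls:
        return None
    target = urls[0]
    return {
        "client": m.group("client"),
        "timestamp": m.group("ts"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "target": target,
        "target_class": classify_target(target),
    }


def scan_log(lines):
    """Run scan_line over an iterable of log lines and keep the alerts."""
    return [a for a in (scan_line(l) for l in lines) if a]


def summarize(alerts):
    """Count alerts per target class, e.g. {'internal': 2, 'external': 1}."""
    counts = {}
    for a in alerts:
        counts[a["target_class"]] = counts.get(a["target_class"], 0) + 1
    return counts


# Constructed sample log lines (RFC 5737 / RFC 1918 addresses, not real hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jul/2025:10:14:02 +0000] "GET /_internal/redirect.php?url=http%3A%2F%2F127.0.0.1%2F HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [21/Jul/2025:10:14:05 +0000] "GET /urve/site/login.html?lang=en HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [21/Jul/2025:10:15:30 +0000] "GET /_internal/redirect.php?url=http%3A%2F%2Fexample.com%2F HTTP/1.1" 200 1270 "-" "python-requests/2.31"',
    '198.51.100.9 - - [21/Jul/2025:10:15:41 +0000] "GET /_internal/redirect.php?url=http%3A%2F%2F10.0.0.5%3A8080%2F HTTP/1.1" 200 88 "-" "python-requests/2.31"',
    'this line is not in combined log format',
]

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for alert in found:
        print(f"{alert['timestamp']} {alert['client']} -> {alert['target']} [{alert['target_class']}]")
    print(summarize(found))
```

Any hit is worth reviewing because the endpoint reflects the fetched content back to the caller; hits classified as internal are the ones to treat as probable exploitation attempts. Targets given as DNS names are reported as external without resolution, so pair this with the OOB/DNS interaction check above rather than relying on the classification alone.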
GHSA
GHSA-q9g9-363h-fq62 · ghsa_unreviewed · 2025-07-21 · CVSS 8.6
CVE-2025-36846 [HIGH] CWE-78
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shell_exec() function of PHP. NOTE: this can be chained with CVE-2025-36845.
GHSA
GHSA-7q67-hxcf-pvj7 · ghsa_unreviewed · 2025-07-21
CVE-2025-36845 [HIGH] CWE-918
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.
No detection rules found.
Nuclei
nuclei · CVSS 8.6
CVE-2025-36845 [HIGH] Eveo URVE Web Manager - Server-Side Request Forgery
Template:
```yaml
id: CVE-2025-36845

info:
  name: Eveo URVE Web Manager - Server-Side Request Forgery
  author: DhiyaneshDk
  severity: high
  description: |
    Eveo URVE Web Manager 27.02.2025 contains a server-side request forgery caused by improper validation of URL input in /_internal/redirect.php, letting attackers make requests to internal endpoints, exploit requires crafted URL input.
  impact: |
    Attackers can make requests to internal-only accessible endpoints, potentially exposing sensitive internal services or data
```
No writeups or analysis indexed.