cbcvebase.
CVE-2025-36845
published 2025-07-21


Priority: P2, 60 (high)
CVSS 3.1: 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Tags: EXPLOIT
EPSS: 1.58% (72.5th percentile)
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eveo | urve_web_manager | | |

Detection & IOCs (extracted from sources)

path: /_internal/redirect.php
url: {{BaseURL}}/_internal/redirect.php?url=http://{{interactsh-url}}
other: html:"URVE Web Manager"
  • Check for HTTP GET requests to /_internal/redirect.php with a user-supplied 'url' parameter — this is the SSRF vector.
  • Confirm target is Eveo URVE Web Manager by checking for the string 'URVE Web Manager' in the HTTP response body of the login page (/urve/site/login.html?lang=en).
  • Use out-of-band (OOB/OAST) DNS interaction detection to confirm SSRF exploitation — a DNS callback from the server indicates successful SSRF.
  • Shodan fingerprinting query to identify exposed instances: html:"URVE Web Manager"
  • Exploitation requires the attacker to first confirm the target is running Eveo URVE Web Manager 27.02.2025 before attempting the SSRF payload.
  • The SSRF can be used to reach internal endpoints not directly accessible from the internet — scope of impact depends on internal network topology.
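As an added defensive example (not code from the page or the vendor), the first detection bullet implemented over access-log lines: it flags GET requests to /_internal/redirect.php that carry a url parameter and classifies whether the requested target points at a loopback, private or link-local address. The log lines are constructed, and the combined-log regex is an assumption about the web server's log format.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log in combined format (not from the original page).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Jul/2025:10:00:01 +0000] "GET /urve/site/login.html?lang=en HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Jul/2025:10:00:05 +0000] "GET /_internal/redirect.php?url=http%3A%2F%2F127.0.0.1%3A8080%2Fadmin HTTP/1.1" 200 812 "-" "curl/8.4"
203.0.113.7 - - [21/Jul/2025:10:00:09 +0000] "GET /_internal/redirect.php?url=http://abc123.oast.example HTTP/1.1" 200 0 "-" "curl/8.4"
198.51.100.2 - - [21/Jul/2025:10:01:00 +0000] "GET /_internal/redirect.php HTTP/1.1" 400 0 "-" "Mozilla/5.0"
"""

# Assumed combined-log layout: client, ident, user, [timestamp], "METHOD target PROTO", status
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify_target(url: str) -> str:
    """Classify where the supplied url points: 'internal', 'external' or 'invalid'."""
    host = urlsplit(url).hostname
    if not host:
        return "invalid"
    if host == "localhost" or host.endswith(".localhost"):
        return "internal"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "external"  # DNS name, e.g. an out-of-band callback host
    if addr.is_loopback or addr.is_private or addr.is_link_local or addr.is_reserved:
        return "internal"
    return "external"

def find_ssrf_requests(log_text: str) -> list[dict]:
    """Return one finding per request to /_internal/redirect.php that carries a url parameter."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if path != "/_internal/redirect.php":
            continue
        urls = parse_qs(query).get("url")  # parse_qs percent-decodes the value
        if not urls:
            continue  # endpoint hit without the SSRF vector; not flagged
        findings.append({"src": m.group("src"), "ts": m.group("ts"),
                         "status": int(m.group("status")), "url": urls[0],
                         "target": classify_target(urls[0])})
    return findings
```

Requests whose target classifies as internal are the ones worth escalating first; an external DNS name is consistent with the out-of-band confirmation probe described above.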