Stoque Zeev.it Login Page server-side request forgery 漏洞信息(CVE-2025-2192)

一、漏洞 CVE-2025-2192 基础信息

美国国家漏洞数据库 NVD

漏洞标题

Stoque Zeev.it Login Page server-side request forgery

来源：美国国家漏洞数据库 NVD

漏洞描述信息

A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. The manipulation of the argument inpRedirectURL leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

来源：美国国家漏洞数据库 NVD

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

来源：美国国家漏洞数据库 NVD

漏洞类别

服务端请求伪造(SSRF)

来源：美国国家漏洞数据库 NVD

二、漏洞 CVE-2025-2192 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2025-2192 的情报信息

https://drive.google.com/file/d/17QAEbzVIjTUj8FDOVMwfl9-7j8LRcK4V/view?usp=sharing broken-link exploit
https://vuldb.com/?id.299217 vdb-entry technical-description
https://vuldb.com/?ctiid.299217 signature permissions-required
https://vuldb.com/?submit.511708 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-2192

一、 漏洞 CVE-2025-2192 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2025-2192 的公开POC

三、漏洞 CVE-2025-2192 的情报信息

一、漏洞 CVE-2025-2192 基础信息