CVE-2025-10393

Summary

A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Affected Software

VendorProductVersion RangeStatus
miurlamorphic0.4.0affected
miurlamorphic0.4.1affected
miurlamorphic0.4.2affected
miurlamorphic0.4.3affected
miurlamorphic0.4.4affected
miurlamorphic0.4.5affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References