CVE-2025-10787

Summary

A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
n/aMuYuCMS2.0affected
n/aMuYuCMS2.1affected
n/aMuYuCMS2.2affected
n/aMuYuCMS2.3affected
n/aMuYuCMS2.4affected
n/aMuYuCMS2.5affected
n/aMuYuCMS2.6affected
n/aMuYuCMS2.7affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References