CVE-2025-11864

Summary

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The attack may be performed from remote.

Affected Software

VendorProductVersion RangeStatus
NucleoidAINucleoid0.7.0affected
NucleoidAINucleoid0.7.1affected
NucleoidAINucleoid0.7.2affected
NucleoidAINucleoid0.7.3affected
NucleoidAINucleoid0.7.4affected
NucleoidAINucleoid0.7.5affected
NucleoidAINucleoid0.7.6affected
NucleoidAINucleoid0.7.7affected
NucleoidAINucleoid0.7.8affected
NucleoidAINucleoid0.7.9affected
NucleoidAINucleoid0.7.10affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References