CVE-2024-25181

Description

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file.

PUBLISHED Reserved 2024-02-07 | Published 2025-12-29 | Updated 2025-12-30 | Assigner mitre

References

gist.github.com/...iictorti/69cbae23d98fb9a1a4b3eee0c305c7de exploit

gist.github.com/...iictorti/69cbae23d98fb9a1a4b3eee0c305c7de

cve.org (CVE-2024-25181)

nvd.nist.gov (CVE-2024-25181)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.