CVE-2025-51058
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk35th percentile - higher than 35% of all known CVEs
Summary
An SSRF vulnerability in Vedo Suite 2024.17 allows authenticated attackers to send HTTP requests to arbitrary external paths via the "file" parameter in the /api_vedo/video/preview endpoint.
Risk Assessment
An attacker could exploit this to scan internal networks, access sensitive resources, or launch attacks on other systems, potentially leading to data leakage or infrastructure compromise.
Recommendation
Immediately update Vedo Suite to the latest patched version and restrict access to the /api_vedo/video/preview endpoint to trusted users only.
Original NVD description (English source)
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter.

