CVE-2025-60898
MediumCVSS 5.8Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
An unauthenticated server-side request forgery (SSRF) vulnerability exists in the Thumbnail via-uri endpoint of Halo CMS 2.21. A remote attacker can force the server to make HTTP requests to attacker-controlled URLs, including internal network addresses.
Risk Assessment
An attacker can exploit this vulnerability to scan the internal network, access internal resources, or launch attacks against other systems, potentially leading to data leakage or infrastructure compromise.
Recommendation
Upgrade Halo CMS to the latest patched version immediately. As a temporary measure, restrict access to the Thumbnail via-uri endpoint using firewall rules or access control lists.
Original NVD description (English source)
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a user-supplied URI without adequate allow/blocklist validation and returns a 307 redirect that can disclose internal URLs in the Location header.

