Vulnerabilities

CVE-2025-10695

by Fred · 03/10/2025

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => ‘any’, enabling unauthenticated SSRF for internal network scanning and service interaction.

This issue affects OpenSupports: 4.11.0.

More information : https://fluidattacks.com/advisories/freer

Similar

Tags: Cybersecurity Alert