1. Home
  2. CVE Database
  3. CVE-2025-11696
NONE · 0

CVE-2025-11696

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB...

Vulnerability Description

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2025-11696?

CVE-2025-11696 is a documented vulnerability. A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB...

How severe is CVE-2025-11696?

CVSS scoring is not yet available for CVE-2025-11696. Check NVD for updates.

Is there a patch for CVE-2025-11696?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.