Vulnerability Description
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.332465
- https://vuldb.com/?id.332465
- https://vuldb.com/?submit.684803
- https://www.notion.so/SSRF-vulnerability-in-WeRSS-WebHook-module-29bea92a3c4180a
FAQ
What is CVE-2025-13174?
CVE-2025-13174 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Web...
How severe is CVE-2025-13174?
CVE-2025-13174 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-13174?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.