CVE-2025-13872 — CRITICAL (9.1)

Vulnerability Description

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Objectplanet	Opinio	7.26

Related Weaknesses (CWE)

CWE-918

References

https://www.objectplanet.com/opinio/changelog.htmlRelease Notes

FAQ

What is CVE-2025-13872?

CVE-2025-13872 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET reques...

How severe is CVE-2025-13872?

CVE-2025-13872 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-13872?

Check the references section above for vendor advisories and patch information. Affected products include: Objectplanet Opinio.