Vulnerability Description
KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external image reference, causing the server to initiate an outgoing connection to an arbitrary external URL. This can lead to information disclosure or internal network probing. Version 1.3.15 contains a fix for the issue.
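An upload-time check for the kind of SVG described above, as an added example that is not KUNO's own code or its 1.3.15 fix: it lists every reference in an SVG that a server-side renderer could try to fetch. The function names, the fragment-only policy and the sample documents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# url(...) inside attribute values / CSS, and CSS @import targets.
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.IGNORECASE)
CSS_IMPORT = re.compile(r"@import\s+['\"]([^'\"]+)", re.IGNORECASE)
# Constructs rejected before parsing: entity tricks and external stylesheets.
FORBIDDEN = re.compile(rb"<!\s*(DOCTYPE|ENTITY)|<\?xml-stylesheet", re.IGNORECASE)


def _is_local(ref: str) -> bool:
    # Strict policy (an assumption of this example): only same-document
    # fragment references such as "#gradient1" are accepted.
    return ref.strip().startswith("#")


def find_external_refs(svg: bytes) -> list[tuple[str, str]]:
    """Return (location, reference) pairs that point outside the document."""
    if FORBIDDEN.search(svg):
        raise ValueError("DOCTYPE, ENTITY and xml-stylesheet are not accepted")
    findings = []
    for el in ET.fromstring(svg).iter():
        tag = el.tag.rsplit("}", 1)[-1]            # drop the XML namespace
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1]         # href and xlink:href alike
            refs = [value] if attr == "href" else CSS_URL.findall(value)
            findings += [(f"{tag}@{attr}", r) for r in refs if not _is_local(r)]
        if tag == "style" and el.text:             # embedded stylesheet
            refs = CSS_URL.findall(el.text) + CSS_IMPORT.findall(el.text)
            findings += [("style", r) for r in refs if not _is_local(r)]
    return findings


# Constructed sample uploads (hosts use the reserved .invalid TLD).
SAMPLE_BAD = b'''<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <image xlink:href="http://collector.example.invalid/probe.png" width="1" height="1"/>
  <rect fill="url(#g)" style="filter:url(https://cdn.example.invalid/f.svg#blur)"/>
</svg>'''
SAMPLE_OK = b'<svg xmlns="http://www.w3.org/2000/svg"><use href="#icon"/><rect fill="url(#g)"/></svg>'

if __name__ == "__main__":
    for location, ref in find_external_refs(SAMPLE_BAD):
        print(f"reject upload: {location} -> {ref}")
```

Rejecting the upload when the list is non-empty keeps the renderer from ever seeing the reference; restricting the media service's outbound network access covers anything a filter misses.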
Related Weaknesses (CWE)
References
- https://github.com/xuemian168/kuno/commit/804b2909c65b16ae2063d0f992e0711aa09475
- https://github.com/xuemian168/kuno/releases/tag/v1.3.15
- https://github.com/xuemian168/kuno/security/advisories/GHSA-4f5f-2c49-5mwm
FAQ
What is CVE-2025-61768?
CVE-2025-61768 is a documented vulnerability: an SSRF (Server-Side Request Forgery) in the Media module of the KUNO CMS administrative panel, affecting versions prior to 1.3.15.
How severe is CVE-2025-61768?
CVSS scoring is not yet available for CVE-2025-61768. Check NVD for updates.
Is there a patch for CVE-2025-61768?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.