Platform: php
Component: dingtalk
Fixed in: 8.6.6
CVE-2025-5005 is a server-side request forgery (SSRF) vulnerability affecting Lingdang CRM versions 8.6.5.0 through 8.6.5.4. The 'corpurl' parameter handled by crm/WeiXinApp/dingtalk/index_event.php is used as a request destination without adequate validation, so a remote attacker who controls that parameter can make the CRM server issue HTTP requests to destinations of the attacker's choosing, including hosts on the internal network. A public exploit is available, which raises the likelihood of exploitation. The vulnerability is fixed in version 8.6.6.
Successful exploitation of CVE-2025-5005 allows an attacker to initiate arbitrary HTTP requests from the Lingdang CRM server. Because those requests originate inside the network perimeter, they can reach internal services and resources that are not directly exposed to the internet: an attacker could read data from internal systems, interact with internal APIs (including cloud instance-metadata endpoints where the CRM is hosted in a cloud environment), or perform actions that downstream systems attribute to the CRM server. The impact therefore extends beyond simple information disclosure; SSRF is commonly a stepping stone for internal reconnaissance and further compromise. The public exploit makes exploitation more likely, and the vendor did not respond to early disclosure attempts.
A public exploit is available for CVE-2025-5005. The vulnerability was disclosed on 2025-09-09. The vendor's lack of response to early disclosure attempts suggests that security maintenance may be lacking, which further increases the risk for deployments that cannot upgrade. The vulnerability is not currently listed on the CISA KEV catalog, and its EPSS score is low (0.06%), but the public exploit and vendor inaction warrant close monitoring of exposed instances.
Exploit Status: public exploit available (not listed on CISA KEV at time of writing)
EPSS: 0.06% (17th percentile)
The primary mitigation for CVE-2025-5005 is to upgrade Lingdang CRM to version 8.6.6 or later, which contains the fix. If upgrading immediately is not possible, apply temporary workarounds. Restrict egress from the CRM server with host-firewall or proxy rules so that it can reach only the external endpoints the DingTalk integration actually needs; note that a Web Application Firewall (WAF) inspects inbound requests and does not control outbound connections, although WAF rules can additionally reject requests whose 'corpurl' value points at an internal or link-local address, uses a scheme other than HTTPS, or names a host outside the expected DingTalk domains. Validate the 'corpurl' parameter on the server side against an allowlist of permitted hosts, and reject values that resolve to internal, loopback, or link-local addresses. Monitor proxy and access logs for unusual outbound requests originating from the CRM server, paying close attention to requests to internal IP addresses, cloud metadata addresses, or unexpected domains. After upgrading, verify the fix on a test instance you are authorized to assess: submit a 'corpurl' value pointing at a listener you control and at an internal address, and confirm that no request reaches the listener and that the application rejects or ignores the value.
If the 8.6.6 update cannot be deployed, restrict access to the index_event.php endpoint (for example, limit it to the source addresses DingTalk callbacks legitimately arrive from, or disable the integration if it is unused) and monitor network traffic from the CRM server for suspicious outbound connections. Consult the vendor for an official solution.
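The server-side validation described above, written out as an added example. This is not Lingdang CRM code and not the vendor's fix; it is a stand-alone Python illustration of the check a practitioner would port into the PHP handler. The allowlisted DingTalk hostnames, the fake resolver and every input URL are assumptions constructed for the example. It rejects non-HTTPS schemes, URLs carrying userinfo (the `allowed.host@127.0.0.1` host-confusion trick), hosts outside the allowlist, and any allowlisted name whose DNS answers include a private, loopback, link-local, CGNAT or IPv4-mapped internal address.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed allowlist for the example: the only upstream hosts a DingTalk callback
# should ever reach. Replace with the integration's real endpoints.
ALLOWED_HOSTS = {"oapi.dingtalk.com", "api.dingtalk.com"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {None, 443}

# Ranges the ipaddress flags below can miss: CGNAT space is not "private" in all versions.
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]


def is_blocked_address(ip: str) -> bool:
    """True if ip is RFC1918/private, loopback, link-local (covers 169.254.169.254),
    multicast, reserved, unspecified, or in EXTRA_BLOCKED. IPv4-mapped IPv6 addresses
    (::ffff:a.b.c.d) are unwrapped first so they cannot smuggle an internal IPv4 target."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if (addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_multicast
            or addr.is_reserved or addr.is_unspecified):
        return True
    return any(addr in net for net in EXTRA_BLOCKED)


def system_resolver(host: str) -> list[str]:
    """Default resolver: every A/AAAA answer for host. One bad record is enough to fail."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_corpurl(url: str, resolver=system_resolver) -> tuple[bool, str, list[str]]:
    """Validate a caller-supplied callback URL. Returns (accepted, reason, resolved_ips)."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}", []
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL (host confusion)", []
    host = (parts.hostname or "").lower()
    if not host:
        return False, "no host", []
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not in allowlist", []
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "invalid port", []
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed", []
    try:
        ips = resolver(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}", []
    if not ips:
        return False, "host resolved to nothing", []
    for ip in ips:
        if is_blocked_address(ip):
            return False, f"{host} resolves to blocked address {ip}", ips
    return True, "ok", ips


def demo() -> dict[str, tuple[bool, str]]:
    """Constructed inputs run against a fake resolver so the check is reproducible offline."""
    fake_dns = {
        "oapi.dingtalk.com": ["8.8.8.8"],  # stand-in public address for the example
        "api.dingtalk.com": ["10.0.0.5"],  # simulates a poisoned or rebound record
    }
    resolver = lambda h: fake_dns.get(h, [])
    cases = [
        "https://oapi.dingtalk.com/robot/send?access_token=x",  # legitimate callback
        "http://oapi.dingtalk.com/robot/send",                  # plaintext scheme
        "https://127.0.0.1:8080/admin",                         # loopback, not allowlisted
        "https://169.254.169.254/latest/meta-data/",            # cloud metadata endpoint
        "https://oapi.dingtalk.com@127.0.0.1/",                 # userinfo host confusion
        "https://api.dingtalk.com/",                            # allowlisted name, internal answer
    ]
    return {u: validate_corpurl(u, resolver)[:2] for u in cases}
```

The allowlist does most of the work; the address check exists so that a compromised or rebinding DNS record for an allowlisted name still cannot point the server at an internal host. That check is only meaningful if the HTTP client then connects to one of the addresses that were validated (pin the resolved address, or re-run the check on the address the client actually uses) and does not follow redirects to arbitrary hosts.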
CVE-2025-5005 is a server-side request forgery vulnerability in Lingdang CRM versions 8.6.5.0 through 8.6.5.4, allowing attackers to make requests on behalf of the server.
If you are using Lingdang CRM versions 8.6.5.0 through 8.6.5.4, you are potentially affected by this SSRF vulnerability.
Upgrade Lingdang CRM to version 8.6.6 or later to resolve the vulnerability. Implement temporary workarounds like WAF rules if immediate upgrade is not possible.
Yes, a public exploit exists for CVE-2025-5005. That raises the likelihood of exploitation even though the EPSS score is currently low (0.06%) and the vulnerability is not listed on the CISA KEV catalog.
Due to the vendor's lack of response, an official advisory may not be available. Monitor security news sources and vulnerability databases for updates.