Platform: php
Component: dingtalk
Fixed in: 8.6.6
CVE-2025-5005 is a server-side request forgery (SSRF) vulnerability affecting Lingdang CRM versions 8.6.5.0 through 8.6.5.4. This vulnerability allows an attacker to manipulate the 'corpurl' parameter within the crm/WeiXinApp/dingtalk/index_event.php file, potentially leading to unauthorized access to internal resources. A public exploit is available, indicating an elevated risk of exploitation. The vulnerability is resolved in version 8.6.6.
Successful exploitation of CVE-2025-5005 allows an attacker to initiate arbitrary HTTP requests from the Lingdang CRM server. This can be leveraged to access internal services and resources that are not directly exposed to the internet. An attacker could potentially read sensitive data from internal systems, interact with internal APIs, or even perform actions on behalf of the CRM server. The SSRF vulnerability's impact extends beyond simple information disclosure; it can be a stepping stone for further attacks, such as internal reconnaissance and privilege escalation. The availability of a public exploit significantly increases the likelihood of exploitation, particularly given the vendor's lack of response to early disclosure attempts.
CVE-2025-5005 has a public exploit available, indicating a high probability of exploitation. The vulnerability was disclosed on 2025-09-09. The vendor's lack of response to early disclosure attempts suggests a potential lack of ongoing security maintenance, further increasing the risk. While not currently listed on KEV, the public exploit and vendor inaction warrant close monitoring.
Organizations utilizing Lingdang CRM in environments with internal services accessible via HTTP are at significant risk. Specifically, deployments with weak network segmentation or those relying on the CRM for integration with internal systems are particularly vulnerable. Shared hosting environments where multiple customers share the same CRM instance are also at increased risk, as a compromise of one customer's account could potentially lead to SSRF attacks targeting other customers.
• php: Examine web server access logs for requests originating from the CRM server to unusual or internal IP addresses.
  grep '127.0.0.1' /var/log/apache2/access.log | grep 'crm/WeiXinApp/dingtalk/index_event.php'
• php: Search for the crm/WeiXinApp/dingtalk/index_event.php file and review its code for the handling of the corpurl parameter. Look for missing or inadequate validation.
• generic web: Use curl to test the vulnerability by sending a request with a malicious corpurl parameter and observing the server's response.
  curl 'http://your-crm-server/crm/WeiXinApp/dingtalk/index_event.php?corpurl=http://internal-service/'
disclosure
poc
Exploit status
EPSS: 0.06% (17th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-5005 is to upgrade Lingdang CRM to version 8.6.6 or later, which contains the fix. If upgrading immediately is not possible, consider implementing temporary workarounds. Restrict outbound network access from the CRM server using a Web Application Firewall (WAF) or proxy to limit the destinations the server can connect to. Validate and sanitize the 'corpurl' parameter on the server-side to prevent malicious input. Monitor access logs for unusual outbound requests originating from the CRM server, paying close attention to requests to internal IP addresses or unexpected domains. After upgrading, verify the fix by attempting to trigger the SSRF vulnerability with a known malicious 'corpurl' value; the request should be blocked or rejected.
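The detection steps above grep the access log for hits on index_event.php, and the mitigation paragraph asks for server-side validation of corpurl. The following is an added example written for this page, not Lingdang CRM code, showing one fail-closed classifier that serves both purposes: it is the guard a patched handler would run before issuing any outbound request, and the same classifier triages access-log lines that carry a corpurl value. The allowlist constant CORPURL_ALLOWED_HOSTS, the function names and the sample log lines are all assumptions constructed for the example; the real endpoint host(s) must be filled in by the deployer.

```php
<?php
// Added example, not Lingdang CRM code: a fail-closed classifier for a URL
// parameter such as corpurl, reused (a) as a server-side guard before any
// outbound request and (b) to triage access-log lines that hit index_event.php.
declare(strict_types=1);

// Assumed allowlist of hosts corpurl may legitimately name. Placeholder value:
// the deployer replaces it with the real endpoint(s) the integration needs.
const CORPURL_ALLOWED_HOSTS = ['dingtalk-api.example.invalid'];

// True when $ip is loopback, RFC 1918, link-local or otherwise reserved
// (filter_var also returns false for strings that are not IP addresses).
function is_internal_ip(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;
}

// Returns 'allow' or a 'reject: <reason>' string. Everything not explicitly
// allowed is rejected, so a missing or odd value never reaches the HTTP client.
function classify_corpurl(string $url): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return 'reject: not an absolute URL';
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return "reject: scheme '$scheme' not allowed";
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return 'reject: credentials embedded in URL';
    }
    $host = strtolower(trim($parts['host'], '[]')); // drop IPv6 brackets
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return "reject: IP literal host $host"; // the real endpoint is a name
    }
    if (!in_array($host, CORPURL_ALLOWED_HOSTS, true)) {
        return "reject: host '$host' not in allowlist";
    }
    // Defence in depth: an allowlisted name must still resolve to a public
    // address (IPv4 only here; gethostbyname returns the name on failure).
    $resolved = gethostbyname($host);
    if ($resolved === $host) {
        return "reject: host '$host' does not resolve";
    }
    if (is_internal_ip($resolved)) {
        return "reject: host '$host' resolves to internal address $resolved";
    }
    return 'allow';
}

// Pull the corpurl query parameter out of one Apache combined-format line.
function corpurl_from_log_line(string $line): ?string
{
    if (!preg_match('#"(?:GET|POST) (\S+) HTTP/\d\.\d"#', $line, $m)) {
        return null;
    }
    $query = parse_url($m[1], PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;
    }
    parse_str($query, $params); // also percent-decodes the value
    return (isset($params['corpurl']) && is_string($params['corpurl']))
        ? $params['corpurl'] : null;
}

// Return [corpurl, verdict] for every index_event.php request whose corpurl
// the classifier would not allow; those are the lines worth triaging.
function scan_access_log(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        if (strpos($line, 'crm/WeiXinApp/dingtalk/index_event.php') === false) {
            continue;
        }
        $corpurl = corpurl_from_log_line($line);
        if ($corpurl === null) {
            continue;
        }
        $verdict = classify_corpurl($corpurl);
        if ($verdict !== 'allow') {
            $hits[] = [$corpurl, $verdict];
        }
    }
    return $hits;
}

// Constructed sample log lines (not real traffic).
$sample = [
    '10.0.0.5 - - [09/Sep/2025:10:00:01 +0000] "GET /crm/WeiXinApp/dingtalk/index_event.php?corpurl=http%3A%2F%2F127.0.0.1%2F HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.5 - - [09/Sep/2025:10:00:02 +0000] "GET /crm/WeiXinApp/dingtalk/index_event.php?corpurl=http%3A%2F%2Finternal-service%2F HTTP/1.1" 200 300 "-" "curl/8.0"',
    '10.0.0.7 - - [09/Sep/2025:10:00:03 +0000] "GET /crm/WeiXinApp/dingtalk/index_event.php?corpurl=http%3A%2F%2Fnot-the-api.example%2F HTTP/1.1" 200 300 "-" "curl/8.0"',
    '10.0.0.9 - - [09/Sep/2025:10:00:04 +0000] "GET /crm/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
];
foreach (scan_access_log($sample) as [$corpurl, $verdict]) {
    echo "$corpurl => $verdict\n";
}
```

Run with the PHP CLI; the three index_event.php lines are reported (IP literal, host not in allowlist twice) and the unrelated request is skipped. Two caveats a practitioner should keep in mind: the allowlist check happens before DNS, so nothing in the sample run triggers resolution, and the gethostbyname check that follows it is still a time-of-check/time-of-use control (a name can change its answer between validation and the actual request), which is why the egress restriction and WAF rules from the mitigation paragraph remain the primary control rather than this parameter-level guard alone.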
Upgrade Lingdang CRM to a version later than 8.6.5.4, if available, that fixes the Server-Side Request Forgery (SSRF) vulnerability in the index_event.php file. If no update is available, consider disabling or restricting access to the index_event.php file and monitoring network traffic for suspicious activity. Consult the vendor for an official fix.
CVE-2025-5005 is a server-side request forgery vulnerability in Lingdang CRM versions 8.6.5.0 through 8.6.5.4, allowing attackers to make requests on behalf of the server.
If you are using Lingdang CRM versions 8.6.5.0 through 8.6.5.4, you are potentially affected by this SSRF vulnerability.
Upgrade Lingdang CRM to version 8.6.6 or later to resolve the vulnerability. Implement temporary workarounds like WAF rules if immediate upgrade is not possible.
Yes, a public exploit exists for CVE-2025-5005, indicating a high likelihood of active exploitation.
Due to the vendor's lack of response, an official advisory may not be available. Monitor security news sources and vulnerability databases for updates.