Platform
other
Component
manager
Fixed in
25.7.22
CVE-2025-54122 is a critical, unauthenticated Server-Side Request Forgery (SSRF) vulnerability in Manager-io Manager, an accounting application. The flaw lets an attacker with no credentials make the Manager server issue HTTP requests on their behalf, reaching internal resources that network isolation was meant to keep out of reach and potentially exposing data or enabling further unauthorized access. Both the Desktop and Server editions are affected in versions up to and including 25.7.18.2519. A fix is available in version 25.7.21.2525.
The vulnerability is serious because it needs no authentication and because the requests it produces originate from a trusted host: perimeter firewalls and network segmentation that only govern inbound traffic do not stop them. An attacker can use the Manager server as a relay to internal databases, administrative interfaces, and cloud instance metadata endpoints (which on AWS, Azure and GCP hand out credentials to any process on the instance), as well as other services that are never exposed to the internet. Credentials or data obtained this way are a common first step toward lateral movement, data exfiltration, and disruption of business operations.
CVE-2025-54122 was published on 2025-07-21. Its CVSS base score of 10.0 (Critical) describes severity, not likelihood of exploitation; the EPSS estimate shown below (0.35%, 57th percentile) is the current likelihood figure, and the CVE is not in the CISA KEV catalog. No public proof-of-concept exploit has been released as of this writing, but SSRF bugs are generally easy to exploit once the affected request is known, so automated scanning and exploitation are plausible and the issue warrants close monitoring. Watch outbound traffic from Manager servers for requests to destinations they have no business contacting: link-local metadata addresses such as 169.254.169.254, loopback, RFC 1918 ranges, and unfamiliar external hosts.
Exploit status
EPSS
0.35% (57th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-54122 is to upgrade Manager-io Manager to version 25.7.21.2525 or later without delay. Back up your Manager data before upgrading so that an unexpected problem during the update cannot cost you the books. If an immediate upgrade is not feasible, reduce the blast radius by restricting what the Manager host is allowed to connect to: apply default-deny egress rules on the host or network firewall (or route the server through a forward proxy with an allowlist), permit only the destinations Manager legitimately needs, and explicitly block the cloud metadata address 169.254.169.254, loopback, and internal address ranges. A Web Application Firewall filters inbound requests and does not by itself stop server-originated traffic, so it complements egress filtering rather than replacing it. Review these rules regularly so legitimate new destinations are added deliberately rather than by loosening the policy. After upgrading, confirm that the running version is 25.7.21.2525 or later, and keep the egress restrictions in place as defense in depth, since they also limit the impact of any future SSRF.
Update Manager to version 25.7.21.2525 or later. This update fixes the SSRF vulnerability that allowed unauthorized access to internal resources. Updating as soon as possible is recommended to reduce the risk.
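As an added example that is not part of this advisory and not Manager-io's code, serving both the monitoring advice above (watch the Manager server's outbound requests) and the egress-restriction workaround: a small Python policy checker that reads outbound-connection log lines from the Manager host and decides, per destination, whether a default-deny egress allowlist would permit it. The log format, the Manager host address 10.0.1.25, the allowlisted vendor host `updates.example-vendor.invalid`, and the resolver map are all assumptions constructed for the example. Cloud metadata endpoints, loopback, link-local, and RFC 1918 destinations are denied regardless of the allowlist; hostnames are resolved before the decision so a name pointing at an internal address is still caught; and IPv4-mapped IPv6 and bare-decimal IP literals, two common SSRF evasions, are normalised before matching.

```python
"""Default-deny egress policy check for a Manager host's outbound requests.
Added example, not Manager-io code; log format, addresses, the allowlisted
vendor host and the DNS map below are constructed assumptions."""
import ipaddress
from urllib.parse import urlsplit

# Cloud metadata endpoints that SSRF is typically aimed at (name or literal).
METADATA_HOSTS = {
    "169.254.169.254",           # AWS / Azure / GCP IMDS (IPv4)
    "fd00:ec2::254",             # AWS IMDS (IPv6)
    "metadata.google.internal",  # GCP metadata hostname
}
# Assumed allowlist: the only (host, port) pairs the Manager host may reach.
ALLOWLIST = {("updates.example-vendor.invalid", 443)}
MANAGER_HOST = "10.0.1.25"  # assumed address of the Manager server
# Constructed resolver so the example runs offline; use real DNS in production.
FAKE_DNS = {
    "updates.example-vendor.invalid": "93.184.216.34",
    "intranet.corp.example": "10.0.5.5",
    "attacker.example": "45.33.32.156",
}

def canonical_ip(host):
    """ip_address for an IP literal (bracketed IPv6, IPv4-mapped IPv6 or bare
    decimal IPv4 such as 2852039166 == 169.254.169.254), None for a name."""
    h = host.strip("[]")
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        if h.isdigit() and int(h) < 2**32:
            ip = ipaddress.ip_address(int(h))
        else:
            return None
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip

def is_internal(ip):
    """Anything not globally routable: RFC 1918, loopback, link-local
    (including 169.254.169.254), ULA, unspecified, reserved."""
    return not ip.is_global

def classify(dst_host, dst_port, resolver=None):
    """Verdict for one outbound request: 'allow', 'deny-metadata',
    'deny-internal' or 'deny-unlisted'. Deny rules beat the allowlist, so an
    allowlisted name resolving to an internal address is still refused."""
    host = dst_host.lower().rstrip(".")
    if host in METADATA_HOSTS:
        return "deny-metadata"
    ip = canonical_ip(host)
    if ip is None and resolver is not None:
        resolved = resolver(host)
        ip = canonical_ip(resolved) if resolved else None
    if ip is not None:
        if str(ip) in METADATA_HOSTS:
            return "deny-metadata"
        if is_internal(ip):
            return "deny-internal"
    if (host, dst_port) in ALLOWLIST:
        return "allow"
    return "deny-unlisted"

def parse_line(line):
    """Parse a constructed '<ts> <src_ip> <url>' egress log line."""
    ts, src, url = line.split(maxsplit=2)
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return ts, src, (parts.hostname or ""), port

def audit(log_text, manager_host=MANAGER_HOST, resolver=FAKE_DNS.get):
    """(ts, host, port, verdict) for every denied request from the Manager
    host; these are the lines worth alerting on."""
    findings = []
    for line in log_text.strip().splitlines():
        ts, src, host, port = parse_line(line)
        if src != manager_host:
            continue  # other hosts' egress is out of scope here
        verdict = classify(host, port, resolver)
        if verdict != "allow":
            findings.append((ts, host, port, verdict))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2025-07-22T09:00:01Z 10.0.1.25 https://updates.example-vendor.invalid/check
2025-07-22T09:00:05Z 10.0.1.25 http://169.254.169.254/latest/meta-data/iam/security-credentials/
2025-07-22T09:00:06Z 10.0.1.25 http://[::ffff:169.254.169.254]/latest/meta-data/
2025-07-22T09:00:07Z 10.0.1.25 http://2852039166/latest/meta-data/
2025-07-22T09:00:09Z 10.0.1.25 http://metadata.google.internal/computeMetadata/v1/
2025-07-22T09:00:12Z 10.0.1.25 http://10.0.2.15:5432/
2025-07-22T09:00:15Z 10.0.1.25 http://127.0.0.1:8080/admin
2025-07-22T09:00:20Z 10.0.1.25 https://intranet.corp.example/
2025-07-22T09:00:25Z 10.0.1.25 https://attacker.example/collect
2025-07-22T09:00:30Z 10.0.1.40 http://10.0.2.15:5432/
"""

if __name__ == "__main__":
    for ts, host, port, verdict in audit(SAMPLE_LOG):
        print(f"{ts} {verdict:14s} {host}:{port}")
```

Run as-is it reports eight denied requests from 10.0.1.25 and ignores the one from 10.0.1.40. The same `classify` decision is what the egress firewall or forward proxy should enforce: `allow` only for the allowlist, everything else dropped, with metadata and internal destinations refused even when a hostname is allowlisted. Feed it your proxy or firewall logs with a real resolver to turn it into an alerting rule for the monitoring advice above.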
It's a critical unauthenticated SSRF vulnerability in Manager-io Manager accounting software, allowing attackers to access internal resources.
If you're using Manager-io Manager Desktop or Server versions 25.7.18.2519 or earlier, you are vulnerable.
Upgrade to version 25.7.21.2525 or later. Back up your data before upgrading.
No public exploits are known, but the vulnerability's severity suggests potential for exploitation.
Refer to the Manager-io security advisory and the NVD entry for CVE-2025-54122 for detailed information.