CVE-2025-6517 – Dromara MaxKey Server-Side Request Forgery Vulnerability

June 23, 2025

CVE ID : CVE-2025-6517

Published : June 23, 2025, 6:15 p.m. | 2 hours, 47 minutes ago

Description : A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-websmaxkey-web-mgtsrcmainjavaorgdromaramaxkeywebappscontorllerSAML20DetailsController.java of the component Meta URL Handler. The manipulation of the argument post leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49144 – Notepad++ Privilege Escalation Vulnerability

Next Article CVE-2025-49126 – Visionatrix ComfyUI Reflected Cross-Site Scripting Vulnerability

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

5 ways business leaders can transform workplace culture – and it starts by listening

My 4 favorite image editing apps on Linux – and two are free Photoshop alternatives

How Google’s Genie 3 could change AI video – and let you build your own interactive worlds

How you’re charging your tablet is slowly killing it – 3 methods to avoid (and the right way)

Establishing Consistent Data Foundations with Laravel’s Database Population System

Establishing Consistent Data Foundations with Laravel’s Database Population System

Generate Postman Collections from Laravel Routes

This Week in Laravel: Free Laravel Idea, Laracon News, and More

Lenovo Legion Go 2 vs Legion Go — How Do These Gaming Handhelds Compare Based on Rumored Specs?

Lenovo Legion Go 2 vs Legion Go — How Do These Gaming Handhelds Compare Based on Rumored Specs?

9 Default Settings in Windows 11 You Didn’t Know Could Affect Performance and Privacy

DICE Responds to Battlefield 6 Community: Key Updates on Map Flow and Class Mechanics

CVE-2025-6517 – Dromara MaxKey Server-Side Request Forgery Vulnerability

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?

Black Hat USA 2025: Policy compliance and the myth of the silver bullet

CVE-2025-6052 – GNOME GLib Memory Corruption Vulnerability

Texas A&M Researchers Introduce a Two-Phase Machine Learning Method Named ‘ShockCast’ for High-Speed Flow Simulation with Neural Temporal Re-Meshing

CVE-2025-5855 – Tenda AC6 Stack-Based Buffer Overflow Vulnerability

Microsoft Authenticator is losing autofill but the tech giant already has a replacement

CVE-2025-6230 – Lenovo Vantage SQL Injection Vulnerability

A Closer Look at the AI Assistant of Oracle Analytics

CVE-2025-47645 – ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL Injection

CVE-2024-13916 – Kruger&Matz com.pri.applock Fingerprint PIN Code Exfiltration

CVE-2025-6517 – Dromara MaxKey Server-Side Request Forgery Vulnerability

Related Posts