CVE-2025-6517 – Dromara MaxKey Server-Side Request Forgery Vulnerability

June 23, 2025

CVE ID : CVE-2025-6517

Published : June 23, 2025, 6:15 p.m. | 2 hours, 47 minutes ago

Description : A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-websmaxkey-web-mgtsrcmainjavaorgdromaramaxkeywebappscontorllerSAML20DetailsController.java of the component Meta URL Handler. The manipulation of the argument post leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49144 – Notepad++ Privilege Escalation Vulnerability

Next Article CVE-2025-49126 – Visionatrix ComfyUI Reflected Cross-Site Scripting Vulnerability

Highlights

CVE-2025-50738 – Apache Memos Information Disclosure Cross-Site Request Forgery

July 29, 2025

CVE ID : CVE-2025-50738

Published : July 29, 2025, 3:15 p.m. | 8 hours, 44 minutes ago

Description : The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user’s IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-6517 – Dromara MaxKey Server-Side Request Forgery Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-52723 – Codesupplyco Networker PHP Local File Inclusion Vulnerability

CVE-2025-9793 – Apachebi’s Apartment Management System SQL Injection Vulnerability

CVE-2025-32752 – Dell ThinOS Cleartext Storage of Sensitive Information Vulnerability

How the GitHub CLI can now enable triangular workflows

CVE-2025-50738 – Apache Memos Information Disclosure Cross-Site Request Forgery

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

CVE-2025-53825 – Dokploy Unauthenticated Code Execution and Secret Disclosure Vulnerability

Quick Lookup is a dictionary application powered by Wiktionary

CVE-2025-6517 – Dromara MaxKey Server-Side Request Forgery Vulnerability

Related Posts