{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-0474","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-01-14T17:02:11.906Z","datePublished":"2025-01-14T18:50:30.331Z","dateUpdated":"2025-11-19T20:29:57.454Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","platforms":["Linux"],"product":"Invoice Ninja","programFiles":["https://github.com/invoiceninja/invoiceninja/blob/6765bfef3fed703fda2b1028729c1728e2eb4652/app/Utils/Traits/Pdf/PdfMaker.php"],"repo":"https://github.com/invoiceninja/invoiceninja/","vendor":"Invoice Ninja","versions":[{"changes":[{"at":"5.11.24","status":"unknown"}],"lessThanOrEqual":"5.11.23","status":"affected","version":"5.8.56","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:invoiceninja:invoice_ninja:*:*:*:*:*:*:*:*","versionEndIncluding":"5.11.23","versionStartIncluding":"5.8.56","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"Branko Brkic"},{"lang":"en","type":"finder","value":"Louka Jacques-Chevallier"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.<br><p>This issue affects Invoice Ninja: from 5.8.56 through 5.11.23.</p>"}],"value":"Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.\nThis issue affects Invoice Ninja: from 5.8.56 through 5.11.23."}],"impacts":[{"capecId":"CAPEC-639","descriptions":[{"lang":"en","value":"CAPEC-639 Probe System Files"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-918","description":"CWE-918 Server-Side Request Forgery (SSRF)","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2025-11-19T20:29:57.454Z"},"references":[{"tags":["patch"],"url":"https://github.com/invoiceninja/invoiceninja/commit/2a9bf353b432d7060e85487b617151ecbc36247d"},{"tags":["third-party-advisory"],"url":"https://vulncheck.com/advisories/invoice-ninja-ssrf"},{"tags":["patch"],"url":"https://github.com/invoiceninja/invoiceninja/compare/97ae948618230c1812f3223b80bf22dcb0382dc5..435780932fe19063001d79ba518815df62773d71"}],"source":{"discovery":"UNKNOWN"},"title":"Invoice Ninja PDF Rendering Server Side Request Forgery","x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-0474","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-01-14T21:34:47.777006Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-12T20:31:19.642Z"}}]}}