Medium severity5.3NVD Advisory· Published Jun 25, 2025· Updated Apr 15, 2026

CVE-2024-51981

Description

An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker can not receive any data back from this connection.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdfnvd
support.brother.com/g/b/link.aspxnvd
support.brother.com/g/b/link.aspxnvd
support.brother.com/g/b/link.aspxnvd
www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.htmlnvd
www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdfnvd
www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixednvd
www.ricoh.com/products/security/vulnerabilities/vulnvd
www.toshibatec.com/information/20250625_02.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000