High severity7.7NVD Advisory· Published Jan 14, 2025· Updated Apr 15, 2026

CVE-2025-0474

Description

Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23.

Patches

2a9bf353b432

https://github.com/invoiceninja/invoiceninjavia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/invoiceninja/invoiceninja/commit/2a9bf353b432d7060e85487b617151ecbc36247dnvd
github.com/invoiceninja/invoiceninja/compare/97ae948618230c1812f3223b80bf22dcb0382dc5..435780932fe19063001d79ba518815df62773d71nvd
vulncheck.com/advisories/invoice-ninja-ssrfnvd

News mentions

No linked articles in our index yet.

cvss	0.501
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000