VYPR
Unrated severityNVD Advisory· Published Oct 3, 2025· Updated Oct 6, 2025

OpenSupports 4.11.0 — SSRF via test imap and smtp endpoints

CVE-2025-10695

Description

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction.

This issue affects OpenSupports: 4.11.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.