Unrated severityNVD Advisory· Published Oct 3, 2025· Updated Oct 6, 2025

OpenSupports 4.11.0 — SSRF via test imap and smtp endpoints

CVE-2025-10695

Description

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction.

This issue affects OpenSupports: 4.11.0.

Affected products

Opensupports/Opensupportsllm-fuzzy2 versions
=4.11.0+ 1 more
- (no CPE)range: =4.11.0
- (no CPE)range: 4.11.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fluidattacks.com/advisories/freermitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000