Medium severity5.4NVD Advisory· Published Jun 10, 2025· Updated Apr 15, 2026
CVE-2025-44043
CVE-2025-44043
Description
Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory value when making POST requests to the affected components. In doing so an attacker can get the SearchUnit server to read and write configuration and log files from/to the attackers server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <9.0.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.