Critical severity9.6NVD Advisory· Published Oct 17, 2025· Updated Apr 15, 2026

CVE-2025-60279

Description

A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports based on response discrepancies and interact with internal services.

Affected products

Lukehebe/Vulnerability Disclosuresreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-60279.pdfnvd
owasp.org/www-community/attacks/Server_Side_Request_Forgerynvd

News mentions

No linked articles in our index yet.

cvss	0.624
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000