ThemesInflow Hercules Core CVE-2025-63010
MEDIUMSeverity by source
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
DescriptionCVE.org
Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery.This issue affects Hercules Core : from n/a through <= 7.4.
Analysis
Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery.This issue affects Hercules Core : from n/a through <= 7.4.
Technical ContextAI
Server-Side Request Forgery allows an attacker to induce the server to make HTTP requests to arbitrary destinations, including internal services. This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918).
Affected ProductsAI
Affected: ThemesInflow Hercules Core hercules-core
RemediationAI
Validate and whitelist allowed URLs and IP ranges. Block requests to internal/private IP ranges. Use network segmentation to limit server-side request scope.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today