What is the CVSS score of CVE-2025-65836?

CVE-2025-65836 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Publiccms are affected by CVE-2025-65836?

PublicCMS V5.202506.b contains a critical Server-Side Request Forgery (SSRF) vulnerability in its chat interface that allows attackers to bypass network controls and access internal systems.

Is there a public PoC exploit available for CVE-2025-65836?

Yes, a public proof-of-concept exploit is available for CVE-2025-65836. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-65836?

Within 24 hours: Inventory all PublicCMS V5.202506.b instances and restrict network access to the chat interface via firewall rules. Within 7 days: Implement Web Application Firewall (WAF) rules to block malicious SSRF payloads targeting the SimpleAiAdminController endpoint, disable the chat feature if non-essential, or isolate affected systems from sensitive internal networks. Within 30 days: Develop a migration plan to upgrade to a patched version when available, or evaluate alternative solutions; conduct a security audit of chat interface logs for signs of exploitation.

Publiccms CVE-2025-65836

EUVD-2025-200089 CRITICAL

Server-Side Request Forgery (SSRF) (CWE-918)

2025-12-01 cve@mitre.org

SSRF Publiccms

9.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-200089

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

PoC Detected

Dec 04, 2025 - 18:09 vuln.today

Public exploit code

CVE Published

Dec 01, 2025 - 20:15 nvd

CRITICAL 9.1

DescriptionCVE.org

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.

Analysis

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.

Technical ContextAI

Server-Side Request Forgery allows an attacker to induce the server to make HTTP requests to arbitrary destinations, including internal services. This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918).

RemediationAI

Validate and whitelist allowed URLs and IP ranges. Block requests to internal/private IP ranges. Use network segmentation to limit server-side request scope.

CVE-2025-65836 vulnerability details – vuln.today

Back

Publiccms CVE-2025-65836

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code