Is there a public PoC exploit available for CVE-2025-8228?

Yes, a public proof-of-concept exploit is available for CVE-2025-8228. Prioritise patching immediately. EPSS: 0.1%.

ChanCMS CVE-2025-8228

Q: What is the CVSS score of CVE-2025-8228?

CVE-2025-8228 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

LOW

Server-Side Request Forgery (SSRF) (CWE-918)

2025-07-27 cna@vuldb.com

SSRF Chancms

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 29, 2026 - 01:50 vuln.today

DescriptionCVE.org

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.

AnalysisAI

Server-side request forgery in ChanCMS up to version 3.1.2 allows authenticated attackers to conduct SSRF attacks via the targetUrl parameter in the /cms/collect/getPages endpoint. The CVSS score of 2.1 reflects low confidentiality and integrity impact on the vulnerable component itself, but the publicly disclosed exploit and low EPSS score (0.10%, percentile 26%) suggest this vulnerability carries minimal real-world exploitation risk despite active public disclosure.

Technical ContextAI

The vulnerability exists in the getPages function of the /cms/collect/getPages endpoint, where user-supplied input in the targetUrl parameter is not properly validated before being used in an HTTP request by the server. This is a classic Server-Side Request Forgery (CWE-918) vulnerability where the application constructs a request to an attacker-controlled URL without adequate sanitization. ChanCMS is a PHP-based content management system, and SSRF vulnerabilities in this context typically allow attackers to make requests to internal network resources, local file systems via protocols like file://, or to reach services not directly accessible from the attacker's network position.

RemediationAI

Upgrade ChanCMS to version 3.1.3 or later, which contains the fix for the SSRF vulnerability. This is the vendor-recommended and primary remediation. If immediate upgrade is not possible, implement the following compensating controls: restrict network access to the /cms/collect/getPages endpoint by IP whitelist or WAF rule to allow only trusted internal systems; implement egress filtering on the CMS server to block outbound connections to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback addresses, and link-local addresses; enforce strict URL validation on the targetUrl parameter using an allowlist approach before the parameter reaches the vulnerable function; disable the ChanCMS collect feature entirely if not required for business operations. Egress filtering provides defense-in-depth but may impact legitimate functionality if the CMS legitimately needs to fetch external resources, so coordinate with application owners before implementation.

CVE-2025-8228 vulnerability details – vuln.today

Back