How to fix EUVD-2025-200089?

Within 24 hours: Inventory all PublicCMS V5.202506.b instances and restrict network access to the chat interface via firewall rules. Within 7 days: Implement Web Application Firewall (WAF) rules to block malicious SSRF payloads targeting the SimpleAiAdminController endpoint, disable the chat feature if non-essential, or isolate affected systems from sensitive internal networks. Within 30 days: Develop a migration plan to upgrade to a patched version when available, or evaluate alternative solutions; conduct a security audit of chat interface logs for signs of exploitation.

Is Publiccms affected by EUVD-2025-200089?

PublicCMS V5.202506.b contains a critical Server-Side Request Forgery (SSRF) vulnerability in its chat interface that allows attackers to bypass network controls and access internal systems.

EUVD-2025-200089

| CVE-2025-65836 CRITICAL

2025-12-01 [email protected]

9.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-200089

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

PoC Detected

Dec 04, 2025 - 18:09 vuln.today

Public exploit code

CVE Published

Dec 01, 2025 - 20:15 nvd

CRITICAL 9.1

Description

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.

Analysis

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.

Technical Context

Server-Side Request Forgery allows an attacker to induce the server to make HTTP requests to arbitrary destinations, including internal services. This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918).

Affected Products

Affected products: Publiccms Publiccms 5.202506.b

Remediation

Validate and whitelist allowed URLs and IP ranges. Block requests to internal/private IP ranges. Use network segmentation to limit server-side request scope.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +46

POC: +20

EUVD-2025-200089 vulnerability details – vuln.today

Back

EUVD-2025-200089

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-200089

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code