
Squidex EUVD-2026-25110

CVE-2026-41177 · MEDIUM 5.5 (CVSS 3.1, GitHub Advisory)
External Control of File Name or Path (CWE-73)
Published 2026-04-22 · Source: GitHub Advisory

Severity by source

GitHub Advisory (primary): 5.5 MEDIUM, AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: Low

Lifecycle Timeline (6 events, newest first)

Patch released · Apr 24, 2026 - 14:45 · nvd · status: Patch available
Analysis Generated · Apr 23, 2026 - 07:06 · vuln.today
Patch available · Apr 22, 2026 - 23:02 · EUVD
EUVD ID Assigned · Apr 22, 2026 - 21:46 · euvd · EUVD-2026-25110
Analysis Generated · Apr 22, 2026 - 21:46 · vuln.today
CVE Published · Apr 22, 2026 - 21:24 · nvd · MEDIUM 5.5

Description (GitHub Advisory)

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use of the file:// protocol. This allows an authenticated administrator to force the backend server to interact with the local filesystem, which can lead to Local File Interaction (LFI) and potential disclosure of sensitive system information through side-channel analysis of internal logs. Version 7.23.0 contains a fix.

Analysis (AI-generated)

Blind Server-Side Request Forgery (SSRF) in Squidex prior to version 7.23.0 allows an authenticated administrator to force the backend server to interact with the local filesystem by supplying a file:// URL in the Restore API's Url parameter, potentially disclosing sensitive system information through side-channel analysis of internal logs (error messages and timing that differ depending on whether the named file exists or is readable). No public exploit code or active exploitation had been identified at the time of analysis.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Compromise or obtain admin credentials
Delivery: Authenticate to the Squidex API
Exploit: Craft a malicious Restore API request with a file:// URI
Execution: Backend server processes the URI and attempts file access
Persist: Infer file contents or existence via timing or log analysis
Impact: Exfiltrate sensitive system information

Vulnerability Assessment (AI-generated)

Exploitation: Exploitation requires two mandatory conditions: (1) the attacker must authenticate as a user with the high-privilege (administrator) role in Squidex; this is the critical gating factor that restricts exploitation to insider threats or accounts compromised through credential theft or social engineering. …
Risk Assessment: CVSS 5.5 with PR:H (high privilege required) indicates moderate severity with a critical gating factor: only authenticated administrators can exploit this. …
Exploit Scenario: An attacker with compromised or insider admin credentials authenticates to Squidex and accesses the Restore API endpoint. They craft a malicious request with the `Url` parameter set to `file:///etc/passwd` (or another sensitive local file). …
Remediation: Upgrade Squidex to version 7.23.0 or later. …
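The scheme check the advisory says was missing, shown as an added example in Python rather than Squidex's own C#. This is not Squidex code: `vulnerable_resolve`, `validate_restore_url` and the sample URLs are assumptions for illustration. The vulnerable form hands whatever scheme the caller supplied to the fetcher; the hardened form allowlists http/https before any I/O, which rejects the `file:///etc/passwd` payload from the scenario above, and additionally refuses loopback and private addresses as defence in depth, which goes beyond the scheme fix the advisory describes:

```python
"""Scheme allowlisting for a user-supplied restore URL.

Added example, not Squidex code. It models the class of defect in
CVE-2026-41177: a backend fetches a user-controlled URL without checking
its scheme, so a privileged user can point it at file:///... and make the
server touch the local filesystem. Function and parameter names are
assumptions, not Squidex's API.
"""
import ipaddress
from urllib.parse import urlsplit

# Schemes a backup restore legitimately needs. Everything else (file, ftp,
# gopher, data, ...) is rejected before any network or filesystem I/O.
ALLOWED_SCHEMES = {"http", "https"}


def vulnerable_resolve(url: str) -> str:
    """'Before' behaviour: accepts whatever scheme the caller supplies.

    Returns the scheme the backend would hand to its URL fetcher. Passing
    this straight to a fetcher that understands file:// is the bug the
    advisory describes.
    """
    return urlsplit(url).scheme.lower()


class RestoreUrlError(ValueError):
    """Raised when a restore URL fails validation."""


def validate_restore_url(url: str, block_private: bool = True) -> str:
    """Hardened form: allowlist the scheme, then optionally refuse
    loopback/private hosts as defence in depth against classic SSRF.

    Returns the normalised URL on success, raises RestoreUrlError otherwise.
    The private-address check is an assumption about what a hardened
    restore endpoint should do; the advisory only describes the scheme fix.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()  # urlsplit already lowercases, kept explicit
    if scheme not in ALLOWED_SCHEMES:
        raise RestoreUrlError(f"scheme {scheme or '<none>'!r} not allowed")
    host = parts.hostname
    if not host:
        raise RestoreUrlError("URL has no host")
    if block_private:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # A DNS name: deciding what it resolves to belongs at resolution
            # time (DNS rebinding), which this example does not cover.
            addr = None
        if addr is not None and (addr.is_private or addr.is_loopback or addr.is_link_local):
            raise RestoreUrlError(f"host {host} is not publicly routable")
    return parts.geturl()


# Constructed sample inputs: the advisory's file:// payload beside legitimate
# and borderline URLs.
SAMPLES = [
    "https://backups.example.com/site.zip",
    "file:///etc/passwd",
    "FILE:///etc/passwd",
    "http://127.0.0.1:8080/backup.zip",
    "/var/backups/site.zip",
]


def classify(urls):
    """Return {url: 'accepted' | 'rejected: <reason>'} under the hardened check."""
    out = {}
    for u in urls:
        try:
            validate_restore_url(u)
            out[u] = "accepted"
        except RestoreUrlError as e:
            out[u] = f"rejected: {e}"
    return out


if __name__ == "__main__":
    for u, verdict in classify(SAMPLES).items():
        print(f"{verdict:45} {u}")
```

Run it and only the public https URL is accepted; both spellings of the file:// payload, the loopback URL and the bare path are refused before any fetch. The check deliberately does not resolve hostnames, so a name that resolves to an internal address still passes here; a production restore endpoint needs the same private-range test applied to the resolved address as well.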



EUVD-2026-25110 vulnerability details – vuln.today
