Back to search
CVE-2025-10695
Published: Oct 3, 2025
Modified: Oct 6, 2025
PUBLISHED
Description
Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects OpenSupports: 4.11.0.
| Vendor | Product | Versions |
|---|---|---|
OpenSupports | OpenSupports | affected 4.11.0 |
Weaknesses (CWE)
References
https://fluidattacks.com/advisories/freer
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now