External risk intelligence

JizhiCMS SSRF Vulnerability Allows Intranet Scanning.

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2025-25785

JizhiCMS is a content management system designed to be deployed as a public-facing web application. Since it functions as a web-based platform intended for internet access, the components within it, including controllers that handle requests, are commonly exposed to the public internet by design.

Server-Side Request Forgery

Jizhicms

2.5.4

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in JizhiCMS software that could allow unauthorized access to internal network resources. This issue, a Server-Side Request Forgery, means an attacker could potentially scan your internal systems by sending a specially crafted request. The main concern is confirming if this software is in use and if it is exposed externally, as the potential for broad impact exists if not properly secured.

  • Attackers can scan internal networks via a web flaw.
  • Critical flaw could expose internal systems to attackers.
  • Confirm JizhiCMS use and external exposure.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending a specially crafted request to a JizhiCMS instance. This request would target the PluginsController, triggering a Server-Side Request Forgery. If successful, the attacker could use this to scan internal networks and potentially access sensitive information or systems.

  • No authentication or user interaction needed.
  • Crafted request to PluginsController.
  • Intranet scanning and potential data access.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to initiate requests from the server to internal network resources. When supported by the advisory, this could be used to scan the intranet, potentially revealing sensitive information about the internal network architecture.

  • Internal network information.
  • Crafted requests target server.
  • Intranet scanning.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability affects JizhiCMS, likely deployed as a public-facing web application. Responsibility for addressing this issue will likely fall to application owners, infrastructure teams, and potentially vendor-management teams if commercial support is involved. The immediate first step is to identify all instances of JizhiCMS, determine their exposure and criticality, and then assign ownership for remediation planning.

  • Application owners should take primary responsibility.
  • Verify all JizhiCMS instances and their exposure.
  • Plan remediation based on identified risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is JizhiCMS?

JizhiCMS is a content management system used to build and maintain websites. It functions as a web-based platform that administrators use to organize digital content, which often requires the software to be hosted on servers accessible via the internet.

What does Server-Side Request Forgery mean for CVE-2025-25785?

This vulnerability is classified as CWE-918. It means the application can be tricked into making unintended network requests. Instead of performing actions on its own, the server is manipulated to interact with other systems on your internal network, acting as a proxy for the attacker.

How is this SSRF vulnerability triggered?

An attacker triggers this flaw by sending a specifically crafted request to the PluginsController.php component of JizhiCMS. It is important to note that no authentication or prior user interaction is required to initiate this request, making it accessible to anyone who can reach the web server.

Is my JizhiCMS instance at risk?

According to Halo Surface Signal, JizhiCMS is designed as a public-facing web application. If your instance is connected to the internet, it is inherently exposed to these crafted requests. Systems that are fully isolated from the public internet have a lower risk profile than those hosting active websites.

What should I do if I run JizhiCMS?

First, conduct an inventory to locate all deployed instances within your environment. Once identified, evaluate whether each instance is exposed to the internet. Prioritize these findings with your infrastructure teams to establish clear ownership and begin planning the necessary updates or security configurations to mitigate the risk.

References