CVE advisoryCRITICAL
CVE-2020-25466
CRMEB 3.0 Server-Side Request Forgery and Remote Code Execution Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical SSRF vulnerability in CRMEB 3.0's downloadimage interface allows unauthenticated remote attackers to download arbitrary server files, potentially leading to remote code execution. This could expose sensitive information or compromise the system.