CVE advisoryCRITICAL
CVE-2024-25294
REBUILD 3.5 SSRF Vulnerability Allows Information Disclosure and Code Execution
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A server-side request forgery vulnerability in REBUILD's file downloader allows remote attackers to obtain sensitive information and execute arbitrary code by manipulating URL parameters. This issue affects REBUILD version 3.5.