miurla morphic HTTP Status Code 3xx advanced-search fetchHtml server-side request...

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Basic Information

ID CVE-2025-10393

Source VulDB

Published Sep 14, 2025 at 06:02

Affected Product

Vendor miurla

Product morphic

Version 0.4.0

Affected Versions miurla morphic 0.4.0
miurla morphic 0.4.1
miurla morphic 0.4.2
miurla morphic 0.4.3
miurla morphic 0.4.4
miurla morphic 0.4.5

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.",
    "published": "2025-09-14T06:02:07.373Z",
    "modified": "2025-09-14T06:02:07.373Z",
    "type": "cve",
    "title": "miurla morphic HTTP Status Code 3xx advanced-search fetchHtml server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323828\nhttps://vuldb.com/?ctiid.323828\nhttps://vuldb.com/?submit.645509\nhttps://github.com/miurla/morphic/issues/670",
    "id": "CVE-2025-10393",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "miurla morphic 0.4.0\nmiurla morphic 0.4.1\nmiurla morphic 0.4.2\nmiurla morphic 0.4.3\nmiurla morphic 0.4.4\nmiurla morphic 0.4.5",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "morphic",
    "version": "0.4.0",
    "vendor": "miurla",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

miurla morphic HTTP Status Code 3xx advanced-search fetchHtml server-side request forgery_CVE-2025-10393