Tencent WeKnora test testEmbeddingModel server-side request forgery_CVE-2025-11046

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".

Basic Information

ID CVE-2025-11046

Source VulDB

Published Sep 26, 2025 at 21:02

Affected Product

Vendor Tencent

Product WeKnora

Version 0.1.0

Affected Versions Tencent WeKnora 0.1.0

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: \"We have confirmed that the issue mentioned in the report does not exist in the latest releases\".",
    "published": "2025-09-26T21:02:05.829Z",
    "modified": "2025-09-26T21:02:05.829Z",
    "type": "cve",
    "title": "Tencent WeKnora test testEmbeddingModel server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.326083\nhttps://vuldb.com/?ctiid.326083\nhttps://vuldb.com/?submit.658926\nhttps://github.com/Hebing123/cve/issues/90",
    "id": "CVE-2025-11046",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "Tencent WeKnora 0.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WeKnora",
    "version": "0.1.0",
    "vendor": "Tencent",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}