NucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgery

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The attack may be performed from remote.

Basic Information

ID CVE-2025-11864

Source VulDB

Published Oct 16, 2025 at 21:02

Affected Product

Vendor NucleoidAI

Product Nucleoid

Version 0.7.0

Affected Versions NucleoidAI Nucleoid 0.7.0
NucleoidAI Nucleoid 0.7.1
NucleoidAI Nucleoid 0.7.2
NucleoidAI Nucleoid 0.7.3
NucleoidAI Nucleoid 0.7.4
NucleoidAI Nucleoid 0.7.5
NucleoidAI Nucleoid 0.7.6
NucleoidAI Nucleoid 0.7.7
NucleoidAI Nucleoid 0.7.8
NucleoidAI Nucleoid 0.7.9
NucleoidAI Nucleoid 0.7.10

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The attack may be performed from remote.",
    "published": "2025-10-16T21:02:05.652Z",
    "modified": "2025-10-16T21:02:05.652Z",
    "type": "cve",
    "title": "NucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.328809\nhttps://vuldb.com/?ctiid.328809\nhttps://vuldb.com/?submit.669928\nhttps://github.com/lakshayyverma/CVE-Discovery/blob/main/Nucleoid.md",
    "id": "CVE-2025-11864",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "NucleoidAI Nucleoid 0.7.0\nNucleoidAI Nucleoid 0.7.1\nNucleoidAI Nucleoid 0.7.2\nNucleoidAI Nucleoid 0.7.3\nNucleoidAI Nucleoid 0.7.4\nNucleoidAI Nucleoid 0.7.5\nNucleoidAI Nucleoid 0.7.6\nNucleoidAI Nucleoid 0.7.7\nNucleoidAI Nucleoid 0.7.8\nNucleoidAI Nucleoid 0.7.9\nNucleoidAI Nucleoid 0.7.10",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Nucleoid",
    "version": "0.7.0",
    "vendor": "NucleoidAI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

NucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgery_CVE-2025-11864