Application logic in Jizhicms 2.5.4 processes URLs supplied by users in the User Evaluation, Message, and Comment modules without validating the destination. An attacker can thus cause the server to send requests to arbitrary internal or external endpoints, potentially exposing sensitive data, facilitating lateral movement, or enabling fetching of resources hidden from the public network. The weakness is classified as CWE‑918, which indicates unchecked server-side request handling. The impact encompasses confidentiality and integrity of internal services, potential data exfiltration, and the compromise of the affected server’s trust boundary.

Jizhicms Community Edition version 2.5.4 on any web server configuration. No other versions or variants were identified in the provided data. The product is known under the namespace jizhicms:jizhicms, and the vulnerability is tied to its web modules handling user-generated content.

The CVSS score of 9.1 denotes a high severity attack with remote hijacking potential. EPSS indicates the likelihood of exploitation is low (<1%), and the vulnerability is not currently listed in CISA's KEV catalog. Nevertheless, SSRF flaws are routinely exploited in the wild, especially when the application allows arbitrary URLs. An attacker would send a crafted request through the vulnerable module to the target, triggering the server to act as a proxy. No special authentication or privileged access is described in the input, suggesting that the attack could be performed by any external user submitting content to the affected modules.