Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 12 Aug 2025 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Vedo
Vedo vedo Suite
Vendors & Products Vedo
Vedo vedo Suite

Thu, 07 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-918
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 Aug 2025 21:00:00 +0000

Type Values Removed Values Added
Description Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-07T13:37:57.375Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-51058

cve-icon Vulnrichment

Updated: 2025-08-07T13:37:50.766Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-06T21:15:30.560

Modified: 2025-08-07T21:26:37.453

Link: CVE-2025-51058

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-12T12:05:46Z