PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-25870 doramart CVE debrief

CVE-2026-25870 is a server-side request forgery (SSRF) vulnerability in DoraCMS version 3.1 and prior. The vulnerability exists in the UEditor remote image fetch functionality, which accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. This allows an attacker to induce the server to issue outbound requests to arbitrary hosts, potentially enabling internal network scanning and denial of service through resource exhaustion.

Vendor
doramart
Product
DoraCMS
CVSS
MEDIUM 6.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-10
Original CVE updated
2026-07-14
Advisory published
2026-02-10
Advisory updated
2026-07-14

Who should care

Administrators and users of DoraCMS version 3.1 and prior should be aware of this vulnerability and take necessary actions to mitigate it. This vulnerability can be used to scan internal networks and cause denial of service attacks, potentially leading to significant disruptions and security risks.

Technical summary

The vulnerability exists in the UEditor remote image fetch functionality of DoraCMS version 3.1 and prior. The application does not enforce allowlists, block internal or private IP address ranges, or apply request timeouts or response size limits. This lack of validation and restriction allows an attacker to submit arbitrary URLs, which the server will then process, potentially leading to SSRF attacks. The absence of these security measures enables attackers to induce the server to issue outbound requests to arbitrary hosts, including internal network resources, which could lead to internal network scanning and denial of service through resource exhaustion. Further verification of the vulnerability's impact and affected systems is necessary to understand the full scope of the risk.

Defensive priority

High

Recommended defensive actions

  • Update DoraCMS to a version that fixes the SSRF vulnerability
  • Implement allowlists and block internal or private IP address ranges
  • Apply request timeouts and response size limits to prevent resource exhaustion
  • Monitor server logs for suspicious activity
  • Consider implementing additional security measures such as web application firewalls

Evidence notes

The CVE record and NVD detail provide information about the vulnerability, but the source item and references provide additional context and potential mitigations. However, the evidence is limited, and further verification is necessary to fully understand the vulnerability and its impact.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-10T23:16:16.287Z and has not been modified since then. The NVD entry is currently Deferred.