PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-1725 Infoline Tr CVE debrief

CVE-2023-1725 is a critical (CVSS 3.1 base score 9.8) server-side request forgery (SSRF) vulnerability in Infoline Project Management System, affecting versions before 4.09.31.125. The CVE was published on 2023-03-30 and last modified on 2024-11-21. NVD records a network-reachable attack path that requires neither privileges nor user interaction (vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), with high impact to confidentiality, integrity and availability on any exposed instance.

Vendor
Infoline Tr
Product
Project Management System
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2023-03-30
Original CVE updated
2024-11-21
Advisory published
2023-03-30
Advisory updated
2024-11-21

Who should care

Administrators and security teams responsible for Infoline Project Management System deployments, especially instances running versions before 4.09.31.125. Network defenders should also take note wherever the application server has egress to internal services, management interfaces, or cloud metadata endpoints, since that reachability is what an SSRF turns into an asset for the attacker.

Technical summary

The NVD entry classifies the issue as CWE-918 (Server-Side Request Forgery) and lists the affected CPE as infoline-tr:project_management_system with a vulnerable version range ending before 4.09.31.125, so 4.09.31.125 is the first fixed version. SSRF means an attacker can induce the application server to issue requests to destinations of the attacker's choosing, typically internal hosts, cloud metadata services, or other endpoints reachable only from the server's network position. NVD assigns CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and the record cites an advisory from USOM (Turkey's national CERT) as its reference.

Defensive priority

Critical

Recommended defensive actions

  • Upgrade Infoline Project Management System to 4.09.31.125 or later; any version below that cutoff is in the vulnerable range NVD records.
  • Restrict and monitor outbound network access from the application server. Where it must fetch remote resources, route egress through a proxy that enforces a destination allowlist and blocks loopback, RFC 1918, link-local (including the 169.254.169.254 cloud metadata address) and other internal ranges.
  • Review proxy, firewall, and application logs for server-side outbound requests to internal or unexpected destinations around and after the affected period; judge the address the server actually connected to, not only the hostname in the request.
  • Validate that any user-controlled URLs, callbacks, imports, or fetch features enforce an allowlist of schemes, hosts and ports, and re-check the resolved address at connect time so a permitted name cannot be rebound to an internal address.
  • Consult the USOM advisory cited by the NVD record, and the NVD record itself, for any vendor-specific remediation guidance.
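The last three items above are one destination policy applied at two points: before the application issues a fetch, and retrospectively over egress logs. The Python below is an added example written for this debrief, not code from Infoline Project Management System, NVD or USOM; the source does not describe the product's fetch path, its language, or its log format, so the allowlist (ALLOWED_HOSTS), the stand-in DNS table (FAKE_DNS), the Squid-style log lines, and every hostname and address in it are constructed assumptions. Python is used only as a neutral language for the demonstration.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist for this example; list only the endpoints the app needs.
ALLOWED_HOSTS = {"api.example-partner.test", "cdn.example.test"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

def is_disallowed_address(ip_text: str) -> bool:
    """True for destinations a server-side fetch must never reach: loopback,
    RFC 1918 / ULA, link-local (includes 169.254.169.254 cloud metadata),
    multicast, reserved, unspecified. IPv4-mapped IPv6 (::ffff:a.b.c.d) is unwrapped."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # unparsable peer: fail closed
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def validate_fetch_target(url: str, resolver=socket.getaddrinfo) -> str:
    """Check a user-supplied URL before fetching it. Returns the IP literal the
    caller must connect to (keeping the original Host header): pinning the checked
    address closes the DNS-rebinding window between validation and connect.
    Raises ValueError with the reason when the URL is outside policy."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = (parts.hostname or "").rstrip(".")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not on allowlist: {host!r}")
    # An allowlisted name is only as trustworthy as its DNS: resolve every address
    # it maps to and reject the whole target if any one of them is internal.
    try:
        infos = resolver(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise ValueError(f"resolution failed: {exc}") from exc
    addrs = sorted({info[4][0] for info in infos})
    if not addrs:
        raise ValueError(f"{host} has no addresses")
    for addr in addrs:
        if is_disallowed_address(addr):
            raise ValueError(f"{host} resolves to disallowed address {addr}")
    return addrs[0]

def fetch_decision(url: str, resolver=socket.getaddrinfo) -> tuple:
    """Non-raising wrapper: ('allow', pinned_ip) or ('deny', reason)."""
    try:
        return ("allow", validate_fetch_target(url, resolver))
    except ValueError as exc:
        return ("deny", str(exc))

# Constructed DNS answers standing in for socket.getaddrinfo so the example runs
# offline; cdn.example.test models a record an attacker has pointed at loopback.
FAKE_DNS = {"api.example-partner.test": ["93.184.216.34"],
            "cdn.example.test": ["93.184.216.34", "127.0.0.1"]}

def fake_resolver(host, port, proto=0):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (a, port)) for a in FAKE_DNS[host]]

# Constructed Squid-style access log lines for the app server (client 10.20.30.5).
SAMPLE_PROXY_LOG = """\
1680200000.123     45 10.20.30.5 TCP_MISS/200 4321 GET http://api.example-partner.test/v1/projects - HIER_DIRECT/93.184.216.34 application/json
1680200001.456     12 10.20.30.5 TCP_MISS/200 812 GET http://169.254.169.254/latest/meta-data/iam/security-credentials/ - HIER_DIRECT/169.254.169.254 text/plain
1680200002.789      9 10.20.30.5 TCP_MISS/200 2048 GET http://10.0.0.15:8500/v1/kv/?recurse - HIER_DIRECT/10.0.0.15 application/json
1680200003.111     30 10.20.30.5 TCP_MISS/200 512 GET file:///etc/passwd - HIER_NONE/- text/plain
"""
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+\d+\s+\S+\s+\S+\s+\d+\s+\S+\s+(?P<url>\S+)\s+\S+\s+(?P<hier>\S+)")

def find_suspicious_outbound(log_text: str) -> list:
    """Flag requests whose scheme or URL host is outside policy, or whose actual
    peer (the HIER_DIRECT/<ip> the proxy connected to) is internal. Judging the
    peer, not just the URL host, catches names rebound after validation."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts, reasons = urlsplit(m.group("url")), []
        if parts.scheme not in ALLOWED_SCHEMES:
            reasons.append(f"scheme {parts.scheme}")
        host = (parts.hostname or "").rstrip(".")
        if host and host not in ALLOWED_HOSTS:
            reasons.append(f"host {host} not allowlisted")
        peer = m.group("hier").split("/", 1)[-1]
        if peer != "-" and is_disallowed_address(peer):
            reasons.append(f"peer {peer} is internal")
        if reasons:
            hits.append({"ts": m.group("ts"), "url": m.group("url"), "reasons": reasons})
    return hits

if __name__ == "__main__":
    for url in ("https://api.example-partner.test/v1/projects",
                "http://169.254.169.254/latest/meta-data/", "https://cdn.example.test/logo.png"):
        print(url, "->", fetch_decision(url, fake_resolver))
    for hit in find_suspicious_outbound(SAMPLE_PROXY_LOG):
        print(hit["ts"], hit["url"], "; ".join(hit["reasons"]))
```

Two design points matter more than the allowlist itself. First, validate_fetch_target returns the address it checked and the caller must connect to that literal (sending the original Host header), because re-resolving the name at connect time reopens the rebinding window the check just closed. Second, find_suspicious_outbound judges the peer the proxy actually reached, so a request whose URL host looked benign but landed on 169.254.169.254 or an RFC 1918 address is still flagged during the log review the actions above call for.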

Evidence notes

Source evidence comes from the NVD CVE record and its referenced USOM advisory. The NVD metadata identifies the affected product family, version cutoff, CWE-918 classification, and CVSS vector. No known exploitation or KEV listing was supplied in the corpus.

Official resources

The CVE was published on 2023-03-30 and modified on 2024-11-21. The authoritative records are the NVD entry for CVE-2023-1725 and the USOM advisory it cites; no further links were supplied in the stored evidence. The supplied corpus does not indicate CISA KEV inclusion or a known ransomware campaign.