Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Dromara MaxKey Server-Side Request Forgery Vulnerability in SAML20DetailsController

Vulnerability

Exploited

A critical server-side request forgery (SSRF) vulnerability has been identified in Dromara MaxKey versions through 4.1.7. The issue arises in the SAML20DetailsController component, specifically within the Add function of the Meta URL Handler. The vulnerability allows remote attackers to manipulate the post argument, potentially leading to unauthorized requests being sent from the server to internal or external resources.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests on its behalf. This could be used to access internal services or resources that are not normally exposed to the outside world.

Added: Jun 23, 2025, 6:22 PM

Updated: Jun 23, 2025, 8:51 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.9

remediation

0.0

relevance

0.2

threat

8.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.9

remediation

0.0

relevance

0.2

threat

8.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Dromara MaxKey Server-Side Request Forgery Vulnerability in SAML20DetailsController

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating