{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-50228", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-09T14:44:40.458Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2026-04-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T14:44:40.458Z"}, "descriptions": [{"lang": "en", "value": "Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Cherry-toto/jizhicms"}, {"url": "https://www.jizhicms.cn"}, {"url": "https://github.com/Cherry-toto/jizhicms/issues/104"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules."}], "id": "CVE-2025-50228", "lastModified": "2026-04-09T15:16:07.433", "metrics": {}, "published": "2026-04-09T15:16:07.433", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Cherry-toto/jizhicms"}, {"source": "cve@mitre.org", "url": "https://github.com/Cherry-toto/jizhicms/issues/104"}, {"source": "cve@mitre.org", "url": "https://www.jizhicms.cn"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.5.4"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "jizhicms", "vendor": "cherry-toto"}], "analysis": {"en": {"generated_at": "2026-04-09T16:29:59.287742+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website or GitHub for a patched version of Jizhicms, and upgrade if a fix is available.", "If upgrading is not immediately possible, restrict outbound network traffic from the web server to limit its ability to reach internal resources, thereby mitigating the SSRF attack surface."], "summary": {"action": "Patch", "impact": "Potential internal network disclosure via server\u2011side request forgery"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Jizhicms content management system, specifically version 2.5.4. No additional vendor or product details are provided.", "description_and_impact": "Jizhicms version 2.5.4 contains a server\u2011side request forgery vulnerability within the User Evaluation, Message, and Comment modules. An attacker can craft input that forces the server to make arbitrary HTTP requests to internal or external resources, which may expose sensitive data, access internal services, or facilitate further attacks.", "risk_and_exploitability": "The risk level is uncertain due to the lack of CVSS, EPSS, or KEV scores. The exploitability is high if the vulnerable application is exposed to untrusted users, as the SSRF can be triggered through normal user interactions. There is no official patch or workaround listed; mitigation relies on applying a newer version or restricting outbound requests."}}}}, "created": "2026-04-10T08:54:07.167985+00:00", "title": "Server\u2011Side Request Forgery in User Evaluation, Message, and Comment Modules of Jizhicms v2.5.4", "updated": "2026-04-10T09:33:16.688324+00:00", "vendors": ["cherry-toto", "cherry-toto$PRODUCT$jizhicms"], "weaknesses": ["CWE-918"]}