{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-0474",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"state": "PUBLISHED",
"assignerShortName": "VulnCheck",
"dateReserved": "2025-01-14T17:02:11.906Z",
"datePublished": "2025-01-14T18:50:30.331Z",
"dateUpdated": "2026-07-14T22:25:31.874Z"
},
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageURL": "pkg:github/invoiceninja/invoiceninja",
"platforms": [
"Linux"
],
"product": "Invoice Ninja",
"programFiles": [
"https://github.com/invoiceninja/invoiceninja/blob/6765bfef3fed703fda2b1028729c1728e2eb4652/app/Utils/Traits/Pdf/PdfMaker.php"
],
"repo": "https://github.com/invoiceninja/invoiceninja/",
"vendor": "Invoice Ninja",
"versions": [
{
"changes": [
{
"at": "5.11.24",
"status": "unknown"
}
],
"lessThanOrEqual": "5.11.23",
"status": "affected",
"version": "5.8.56",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invoiceninja:invoice_ninja:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.11.23",
"versionStartIncluding": "5.8.56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Branko Brkic"
},
{
"lang": "en",
"type": "finder",
"value": "Louka Jacques-Chevallier"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.
This issue affects Invoice Ninja: from 5.8.56 through 5.11.23.
" } ], "value": "Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.\nThis issue affects Invoice Ninja: from 5.8.56 through 5.11.23." } ], "impacts": [ { "capecId": "CAPEC-639", "descriptions": [ { "lang": "en", "value": "CAPEC-639 Probe System Files" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-07-14T22:25:31.874Z" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/invoiceninja/invoiceninja/commit/2a9bf353b432d7060e85487b617151ecbc36247d" }, { "tags": [ "third-party-advisory" ], "url": "https://vulncheck.com/advisories/invoice-ninja-ssrf" }, { "tags": [ "patch" ], "url": "https://github.com/invoiceninja/invoiceninja/compare/97ae948618230c1812f3223b80bf22dcb0382dc5..435780932fe19063001d79ba518815df62773d71" } ], "source": { "discovery": "UNKNOWN" }, "title": "Invoice Ninja PDF Rendering Server Side Request Forgery", "x_generator": { "engine": "vulncheck" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2025-0474", "role": "CISA Coordinator", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "version": "2.0.3", "timestamp": "2025-01-14T21:34:47.777006Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:31:19.642Z" } } ] } }