{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-0474", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-01-14T17:02:11.906Z", "datePublished": "2025-01-14T18:50:30.331Z", "dateUpdated": "2026-07-14T22:25:31.874Z" }, "containers": { "cna": { "affected": [ { "defaultStatus": "unknown", "packageURL": "pkg:github/invoiceninja/invoiceninja", "platforms": [ "Linux" ], "product": "Invoice Ninja", "programFiles": [ "https://github.com/invoiceninja/invoiceninja/blob/6765bfef3fed703fda2b1028729c1728e2eb4652/app/Utils/Traits/Pdf/PdfMaker.php" ], "repo": "https://github.com/invoiceninja/invoiceninja/", "vendor": "Invoice Ninja", "versions": [ { "changes": [ { "at": "5.11.24", "status": "unknown" } ], "lessThanOrEqual": "5.11.23", "status": "affected", "version": "5.8.56", "versionType": "semver" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invoiceninja:invoice_ninja:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.11.23", "versionStartIncluding": "5.8.56", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "OR" } ], "credits": [ { "lang": "en", "type": "finder", "value": "Branko Brkic" }, { "lang": "en", "type": "finder", "value": "Louka Jacques-Chevallier" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.

This issue affects Invoice Ninja: from 5.8.56 through 5.11.23.

" } ], "value": "Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.\nThis issue affects Invoice Ninja: from 5.8.56 through 5.11.23." } ], "impacts": [ { "capecId": "CAPEC-639", "descriptions": [ { "lang": "en", "value": "CAPEC-639 Probe System Files" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-07-14T22:25:31.874Z" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/invoiceninja/invoiceninja/commit/2a9bf353b432d7060e85487b617151ecbc36247d" }, { "tags": [ "third-party-advisory" ], "url": "https://vulncheck.com/advisories/invoice-ninja-ssrf" }, { "tags": [ "patch" ], "url": "https://github.com/invoiceninja/invoiceninja/compare/97ae948618230c1812f3223b80bf22dcb0382dc5..435780932fe19063001d79ba518815df62773d71" } ], "source": { "discovery": "UNKNOWN" }, "title": "Invoice Ninja PDF Rendering Server Side Request Forgery", "x_generator": { "engine": "vulncheck" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2025-0474", "role": "CISA Coordinator", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "version": "2.0.3", "timestamp": "2025-01-14T21:34:47.777006Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:31:19.642Z" } } ] } }