CVE-2025-27501

HIGH EPSS 28.5%

Published Mar 3, 20251y ago · Modified Jun 17, 20261w ago

8.6 CVSS 3.1

High

Published Mar 3, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side request, resulting in a potential Server-Side Request Forgery (SSRF) vulnerability. The fixed version has moved the request to the external controller from the server side to the client side, thereby eliminating the identity of the node from being used to gain any additional permissions. This vulnerability is fixed in 3.7.1.

CVSS Details

Base Score

8.6

Exploitability

3.9

Impact

4.0

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Changed

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

28.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 1

Vendor	Product	Version	Range
openziti	openziti	*	<3.7.1

References 1

github.com https://github.com/openziti/ziti-console/security/advisories/GHSA-fqxh-vfv5-8qjp

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.