Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2025-50228 -- CVSS 9.1 Vulnerability Briefing

CVE-2025-50228 | CVSS 9.1 (Critical) | Exploit: No known exploit

What Is It

CVE-2025-50228 is a Server-Side Request Forgery (SSRF) vulnerability affecting Jizhicms version 2.5.4, specifically within the User Evaluation, Message, and Comment modules of the content management system.

Technical Detail

The flaw exists because the affected modules accept user-supplied URLs or network destinations without adequate validation or restriction, allowing an attacker to craft malicious input that causes the server to issue arbitrary outbound HTTP requests. An attacker can exploit this to probe internal network resources, interact with services on the host or adjacent systems that are not exposed externally, and potentially retrieve sensitive metadata such as cloud instance credentials from internal endpoints. In environments where the application server has access to privileged internal services, successful exploitation could facilitate lateral movement or information disclosure beyond the application boundary.

Exploitation Status

No known exploit code has been publicly identified at this time, and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog. The exploit maturity is currently assessed as no known exploit, meaning active in-the-wild exploitation has not been confirmed as of this writing.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence sources.

What To Do

Organizations running Jizhicms v2.5.4 should review vendor advisories and apply any available patches or updated releases as a priority given the critical CVSS score of 9.1. If a patch is not yet available, administrators should implement egress filtering on the application server to restrict outbound HTTP requests to known, necessary destinations, and block access to internal network ranges and cloud metadata endpoints such as 169.254.169.254. Input validation controls should be enforced at the application layer to reject or sanitize URL parameters accepted by the User Evaluation, Message, and Comment modules. Web application firewall rules targeting SSRF patterns in these input fields can provide an additional detection and blocking layer. Monitor outbound traffic from the application server for anomalous requests to internal RFC 1918 addresses or metadata service endpoints as a detection signal.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →