CVE-2025-44043

{"id": "CVE-2025-44043", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-06-10T16:15:40.823", "references": [{"url": "https://keyoti.com/products/search/dotNetWeb/HtmlHelp9/?topic=UserGuide/Release%20Notes.htm", "source": "cve@mitre.org"}, {"url": "https://www.sprocketsecurity.com/blog/cve-alert-cve-2025-44043-cve-2025-44044-the-search-bar-hacks-arent-dead-yet", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory value when making POST requests to the affected components. In doing so an attacker can get the SearchUnit server to read and write configuration and log files from/to the attackers server."}, {"lang": "es", "value": "Keyoti SearchUnit anterior a la versi\u00f3n 9.0.0 es vulnerable a Server-side request forgery (SSRF) en /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults y /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. Un atacante puede especificar su propio servidor SMB como valor de indexDirectory al realizar solicitudes POST a los componentes afectados. De esta forma, puede lograr que el servidor SearchUnit lea y escriba archivos de configuraci\u00f3n y registro desde/hacia el servidor del atacante."}], "lastModified": "2025-06-17T20:15:32.010", "sourceIdentifier": "cve@mitre.org"}