CVE-2025-45872

zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.

CVSS

No CVSS.

References

Link	Resource
https://github.com/dengxmenglihua/cve/blob/main/ZrLog%20Blog%20System%20SSRF%20%2B%20File%20Overwrite%20Leading%20to%20RCE%20Vulnerability.md	Exploit Third Party Advisory
https://github.com/dengxmenglihua/cve/blob/main/ZrLog%20Blog%20System%20SSRF%20%2B%20File%20Overwrite%20Leading%20to%20RCE%20Vulnerability.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zrlog:zrlog:3.1.5:*:*:*:*:*:*:*

History

14 Aug 2025, 20:52

Type	Values Removed	Values Added
CPE		cpe:2.3:a:zrlog:zrlog:3.1.5:::::::*
References	~~() https://github.com/dengxmenglihua/cve/blob/main/ZrLog%20Blog%20System%20SSRF%20%2B%20File%20Overwrite%20Leading%20to%20RCE%20Vulnerability.md -~~	() https://github.com/dengxmenglihua/cve/blob/main/ZrLog%20Blog%20System%20SSRF%20%2B%20File%20Overwrite%20Leading%20to%20RCE%20Vulnerability.md - Exploit, Third Party Advisory
First Time		Zrlog zrlog Zrlog

01 Jul 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-01 14:15

Updated : 2025-08-14 20:52

NVD link : CVE-2025-45872

Mitre link : CVE-2025-45872

JSON object : View

Products Affected

zrlog

CWE

No CWE.