CVE-2025-6517 | Dromara MaxKey up to 4.1.7 Meta URL SAML20DetailsController.java add post server-side request forgery

A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-websmaxkey-web-mgtsrcmainjavaorgdromaramaxkeywebappscontorllerSAML20DetailsController.java of the component Meta URL Handler. The manipulation of the argument post leads to server-side request forgery.

The identification of this vulnerability is CVE-2025-6517. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-6517 | Dromara MaxKey up to 4.1.7 Meta URL SAML20DetailsController.java add post server-side request forgery

Post correlati

CVE-2024-3771 | PHPGurukul Student Record System 3.20 /edit-subject.php sub1/sub2/sub3/sub4/udate sql injection

CVE-2024-4856 | FS Product Inquiry Plugin up to 1.1.1 on WordPress cross site scripting

CVE-2024-8477 | Brevo Newsletter, SMTP, Email Marketing and Subscribe Forms Plugin cross-site request forgery

CVE-2024-7822 | Quick Code Plugin up to 1.0 on WordPress cross site scripting