CVE-2025-9402 | HuangDou UTCMS 9 Config update.php UPDATEURL server-side request forgery

A vulnerability was found in HuangDou UTCMS 9. It has been rated as critical. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery.

This vulnerability is reported as CVE-2025-9402. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9402 | HuangDou UTCMS 9 Config update.php UPDATEURL server-side request forgery

Post correlati

CVE-2024-26814 | Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2 request_irq infinite loop

CVE-2024-41254 | litestream 0.3.13 Host Key Verification ssh.InsecureIgnoreHostKey channel accessible

CVE-2024-6941 | ThinkSAAS 3.7.0 app/system/action/do.php cross site scripting (Issue 36)

CVE-2025-21734 | Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2 fastrpc out-of-bounds