CVE-2025-9414 | kalcaddle kodbox 1.61 Download from Link serverDownload url server-side request forgery

A vulnerability marked as critical has been reported in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery.

This vulnerability is known as CVE-2025-9414. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9414 | kalcaddle kodbox 1.61 Download from Link serverDownload url server-side request forgery

Post correlati

CVE-2024-5336 | Ruijie RG-UAC up to 20240516 vlan_add_commit.php addVlan phyport os command injection

CVE-2024-28677 | DedeCMS 5.7 article_keywords_main.php cross-site request forgery

CVE-2024-27188 | Cloudways Breeze Plugin up to 2.1.3 on WordPress cross site scripting

CVE-2025-5349 | Citrix NetScaler ADC/NetScaler Gateway up to 43.55/58.31 Management Interface improper validation of specified quantity in input (CTX693420)