{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53371", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-06-27T12:57:16.121Z", "datePublished": "2025-07-10T17:26:02.512Z", "dateUpdated": "2025-07-10T17:47:56.055Z"}, "containers": {"cna": {"title": "DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65"}, {"name": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e", "tags": ["x_refsource_MISC"], "url": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e"}], "affected": [{"vendor": "miraheze", "product": "DiscordNotifications", "versions": [{"version": "< 1f20d850cbcce5b15951c7c6127b87b927a5415e", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-10T17:26:02.512Z"}, "descriptions": [{"lang": "en", "value": "DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e."}], "source": {"advisory": "GHSA-gvfx-p3h5-qf65", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-10T17:47:50.722427Z", "id": "CVE-2025-53371", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-10T17:47:56.055Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53371", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-10T17:47:50.722427Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-10T17:47:53.560Z"}}], "cna": {"title": "DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs", "source": {"advisory": "GHSA-gvfx-p3h5-qf65", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "miraheze", "product": "DiscordNotifications", "versions": [{"status": "affected", "version": "< 1f20d850cbcce5b15951c7c6127b87b927a5415e"}]}], "references": [{"url": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65", "name": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e", "name": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-10T17:26:02.512Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53371", "state": "PUBLISHED", "dateUpdated": "2025-07-10T17:47:56.055Z", "dateReserved": "2025-06-27T12:57:16.121Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-10T17:26:02.512Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e."}, {"lang": "es", "value": "DiscordNotifications es una extensi\u00f3n para MediaWiki que env\u00eda notificaciones de acciones en tu wiki a un canal de Discord. DiscordNotifications permite enviar solicitudes mediante curl y file_get_contents a URLs arbitrarias configuradas mediante $wgDiscordIncomingWebhookUrl y $wgDiscordAdditionalIncomingWebhookUrls. Esto permite ataques de denegaci\u00f3n de servicio (DOS) al obligar al servidor a leer archivos grandes. SSRF tambi\u00e9n es posible si existen API internas sin protecci\u00f3n a las que se puede acceder mediante solicitudes HTTP POST, lo que podr\u00eda provocar un RCE. Esta vulnerabilidad est\u00e1 corregida en el commit 1f20d850cbcce5b15951c7c6127b87b927a5415e."}], "id": "CVE-2025-53371", "lastModified": "2025-07-15T13:24:41.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-10T18:15:24.280", "references": [{"source": "[email protected]", "url": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e"}, {"source": "[email protected]", "url": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-918"}], "source": "[email protected]", "type": "Primary"}]}

{}