
CVE-2025-10395: Server-Side Request Forgery in Magicblack MacCMS

Severity: Medium
Published: Sun Sep 14 2025 (09/14/2025, 08:02:06 UTC)
Source: CVE Database V5
Vendor/Project: Magicblack
Product: MacCMS

Description

A vulnerability was found in Magicblack MacCMS 2025.1000.4050. It affects the function col_url of the Scheduled Task Handler component. Manipulating the argument cjurl leads to server-side request forgery. The attack can be launched remotely.

AI-Powered Analysis

Last updated: 09/22/2025, 00:32:45 UTC

Technical Analysis

CVE-2025-10395 is a Server-Side Request Forgery (SSRF) vulnerability in Magicblack MacCMS version 2025.1000.4050. It resides in the Scheduled Task Handler component, specifically in the function col_url: by manipulating the 'cjurl' argument, an attacker can cause the server to make arbitrary HTTP requests. Because the server itself issues the request, a remote attacker can reach internal or external resources that they could not access directly. The flaw does not require user interaction, but it does require high privileges (PR:H), so the attacker must already hold authenticated, elevated access to MacCMS to trigger it. The CVSS 4.0 base score is 5.1 (medium), with network attack vector (AV:N), low attack complexity (AC:L), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vulnerability is published, but no exploitation in the wild has been reported, and no patch or mitigation links are available at this time. SSRF flaws of this kind are commonly used for reconnaissance of internal networks, access to internal-only services, or bypassing firewall restrictions; the actual impact depends on which internal services are reachable from the MacCMS host.

Potential Impact

For European organizations running Magicblack MacCMS 2025.1000.4050, this SSRF vulnerability poses a moderate risk. An attacker who already holds high privileges could use the flaw to scan the internal network, reach internal-only services, or exfiltrate data by turning the server into a proxy. Exposed targets may include databases, internal APIs, or cloud metadata services, all of which can hold confidential information. The medium severity rating reflects the privilege requirement, which narrows the attack surface but does not remove the risk, particularly where privilege escalation or insider threats are plausible. The impact on confidentiality, integrity, and availability is low to moderate on its own, but it can grow when chained with other vulnerabilities or misconfigurations. Organizations in media, content management, or digital publishing that depend on MacCMS for content delivery could suffer operational disruption or data breaches if the flaw is exploited. Under GDPR, exploitation that leads to data exposure can also carry legal and financial consequences.

Mitigation Recommendations

Given the absence of official patches, European organizations should implement the following specific mitigations:

1) Restrict access to the Scheduled Task Handler component and the col_url function to trusted administrators and internal networks, reducing the chance that an unauthorized user can reach the vulnerable code path.
2) Apply strict input validation and sanitization to the 'cjurl' parameter so that only allowed URLs or domains can be requested.
3) Use network segmentation and firewall rules to limit the server's ability to make outbound requests to sensitive internal resources or untrusted external networks.
4) Monitor and log all outgoing requests initiated by the MacCMS server, watching for unusual or unexpected destinations that could indicate exploitation attempts.
5) Audit privileges regularly so that only users who need them hold the high-level permissions required to exploit this vulnerability.
6) Consider deploying a Web Application Firewall (WAF) with custom rules that detect and block SSRF patterns targeting the cjurl parameter of col_url.
7) Watch for vendor updates or patches addressing this vulnerability and plan prompt deployment once they are available.


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-13T15:16:57.200Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c678f16e1d0c27045ffea3

Added to database: 9/14/2025, 8:12:33 AM

Last enriched: 9/22/2025, 12:32:45 AM

Last updated: 10/30/2025, 7:14:09 AM

