CVE-2025-11046 is a Server-Side Request Forgery (SSRF) vulnerability identified in Tencent WeKnora version 0.1.0. The vulnerability resides in the function testEmbeddingModel within the API endpoint /api/v1/initialization/embedding/test. Specifically, the issue arises from improper validation or sanitization of the baseUrl parameter, which an attacker can manipulate to coerce the server into making arbitrary HTTP requests. SSRF vulnerabilities allow attackers to make the vulnerable server perform requests to internal or external resources that the attacker would not normally have access to, potentially leading to unauthorized information disclosure, internal network reconnaissance, or further exploitation of internal services. The vulnerability can be exploited remotely without authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 6.9, indicating a medium severity level, with attack vector as network (remote), low attack complexity, no privileges or user interaction required, and low impact on confidentiality, integrity, and availability. The vendor, Tencent, has confirmed that this vulnerability does not exist in the latest releases of WeKnora, implying that upgrading to a newer version mitigates the issue. Although no public exploits are currently known to be active in the wild, the public release of the exploit code increases the likelihood of exploitation attempts. This vulnerability highlights the importance of proper input validation and secure coding practices in API endpoints that handle user-supplied URLs or network requests.

For European organizations using Tencent WeKnora 0.1.0, this SSRF vulnerability poses a significant risk. Exploitation could allow attackers to access internal services behind firewalls, potentially exposing sensitive data or enabling lateral movement within the network. This is particularly concerning for organizations with critical internal infrastructure or those operating in regulated sectors such as finance, healthcare, or government, where data confidentiality and integrity are paramount. The ability to launch the attack remotely without authentication means that exposed WeKnora instances could be targeted by external threat actors, including cybercriminals or state-sponsored groups. The medium severity rating reflects moderate impact potential; however, the actual impact depends on the internal network architecture and the sensitivity of accessible resources. European entities relying on WeKnora for embedding models or AI-related services should assess their exposure and prioritize patching or upgrading to the latest version to prevent exploitation. Failure to do so could result in data breaches, service disruptions, or compliance violations under regulations such as GDPR.

1. Immediate upgrade: Organizations should upgrade Tencent WeKnora to the latest version where the vulnerability is confirmed fixed. 2. Network segmentation: Restrict the server’s ability to make outbound requests to only trusted destinations using firewall rules or network policies, limiting the potential impact of SSRF. 3. Input validation: Implement strict validation and sanitization of the baseUrl parameter to ensure only allowed URLs or domains can be requested. 4. Monitoring and logging: Enable detailed logging of outbound requests from the WeKnora server and monitor for unusual or unauthorized request patterns indicative of SSRF exploitation attempts. 5. Access controls: Limit exposure of the vulnerable API endpoint by enforcing authentication and authorization where possible, even if the vulnerability does not require it, to reduce attack surface. 6. Incident response readiness: Prepare to detect and respond to SSRF exploitation attempts by integrating threat intelligence and anomaly detection tools. 7. Vendor communication: Maintain contact with Tencent for updates on patches and security advisories related to WeKnora.