CVE-2025-13174 is a Server-Side Request Forgery (SSRF) vulnerability identified in the rachelos WeRSS we-mp-rss product, specifically affecting versions 1.4.0 through 1.4.7. The vulnerability resides in the do_job function within the Webhook Module (file: /rachelos/we-mp-rss/blob/main/jobs/mps.py). The flaw arises from insufficient validation of the web_hook_url parameter, which an attacker can manipulate to coerce the server into making arbitrary HTTP requests to internal or external systems. SSRF vulnerabilities enable attackers to bypass network access controls, potentially accessing sensitive internal services, metadata endpoints, or other protected resources. The attack vector is remote and does not require authentication or user interaction, increasing the risk of exploitation. Although no active exploitation has been reported in the wild, publicly available exploit code increases the likelihood of future attacks. The CVSS 4.0 base score of 5.3 indicates a medium severity, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact includes partial confidentiality, integrity, and availability loss due to unauthorized requests possibly leading to data leakage, internal reconnaissance, or service disruption. The vulnerability affects organizations using the WeRSS we-mp-rss webhook functionality, especially those relying on automated integrations and internal network communications. Given the public availability of exploits, timely remediation is critical to prevent attackers from leveraging this SSRF flaw for lateral movement or data exfiltration.

For European organizations, exploitation of CVE-2025-13174 could lead to unauthorized internal network access, allowing attackers to scan internal services, access sensitive metadata, or interact with protected APIs. This can result in data leakage, unauthorized command execution, or disruption of critical services. Organizations using WeRSS we-mp-rss in environments with sensitive data or critical infrastructure are at heightened risk. The SSRF can facilitate lateral movement within corporate networks, undermining perimeter defenses. Additionally, attackers could use the vulnerability to bypass firewall rules or access cloud provider metadata services, potentially compromising cloud credentials. The medium severity reflects moderate but tangible risks to confidentiality, integrity, and availability. The absence of required authentication and user interaction lowers the barrier for exploitation, increasing exposure. European entities with webhook integrations in financial, governmental, healthcare, or industrial sectors could face significant operational and reputational damage if exploited.

1. Immediately audit and sanitize all inputs to the web_hook_url parameter to ensure only authorized and validated URLs are accepted. 2. Implement strict allowlists for outbound HTTP requests from the WeRSS server, restricting connections to trusted endpoints only. 3. Employ network segmentation and firewall rules to limit server access to internal resources and prevent SSRF exploitation. 4. Monitor outbound traffic for unusual or unauthorized requests indicative of SSRF attempts. 5. Apply patches or updates from rachelos as soon as they become available to address this vulnerability. 6. Consider disabling webhook functionality temporarily if not essential or until secure configurations are verified. 7. Conduct penetration testing and code reviews focusing on SSRF and input validation weaknesses. 8. Educate development and operations teams about SSRF risks and secure coding practices related to URL handling. 9. Use Web Application Firewalls (WAFs) with SSRF detection capabilities to provide an additional layer of defense. 10. Maintain up-to-date asset inventories to quickly identify and remediate affected WeRSS instances.