CVE-2025-44043: n/a
Keyoti SearchUnit prior to 9.0.0 is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory value when making POST requests to the affected components. In doing so, an attacker can get the SearchUnit server to read and write configuration and log files from/to the attacker's server.
AI Analysis
Technical Summary
CVE-2025-44043 is a Server-Side Request Forgery (SSRF) vulnerability affecting Keyoti SearchUnit versions prior to 9.0.0. The vulnerability exists in the SearchUnit web service endpoints /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can exploit this flaw by sending a specially crafted POST request with the indexDirectory parameter set to an attacker-controlled SMB server. This causes the vulnerable SearchUnit server to connect to the attacker's SMB server and read and write configuration and log files from/to it. This can lead to unauthorized disclosure of sensitive information and potential manipulation of the server's configuration or logs. The vulnerability is classified under CWE-918 (Server-Side Request Forgery), which involves an attacker inducing the server to make HTTP or other protocol requests to unintended locations. The CVSS v3.1 base score is 5.4 (medium severity), reflecting that the attack can be performed remotely without authentication (AV:N/AC:L/PR:N), but requires user interaction (UI:R) and results in limited confidentiality and integrity impact (C:L/I:L/A:N). No known exploits are currently reported in the wild, and no patches or vendor advisories are listed at this time. The vulnerability could be leveraged in targeted attacks to gain a further foothold or gather intelligence on internal network resources by abusing the server's ability to access SMB shares specified by the attacker.
Potential Impact
For European organizations using Keyoti SearchUnit prior to version 9.0.0, this SSRF vulnerability poses a moderate risk. Exploitation could lead to unauthorized access to sensitive configuration and log files, potentially exposing internal network details, user data, or operational information. This could facilitate further attacks such as lateral movement, privilege escalation, or data exfiltration. The ability to write files via SMB could allow attackers to manipulate logs to cover tracks or alter configurations to weaken security controls. Given the medium CVSS score and the need for user interaction, the threat is less likely to cause widespread automated compromise but remains significant for targeted attacks, especially in sectors with sensitive data such as finance, healthcare, and government. The impact on availability is minimal, but confidentiality and integrity risks are notable. European organizations with strict data protection regulations (e.g., GDPR) must consider the potential compliance implications of data exposure or unauthorized modifications resulting from exploitation.
Mitigation Recommendations
1. Upgrade Keyoti SearchUnit to version 9.0.0 or later where this vulnerability is addressed.
2. If immediate upgrade is not feasible, implement network-level controls to restrict outbound SMB traffic from the SearchUnit server to untrusted networks or hosts.
3. Employ web application firewalls (WAFs) to detect and block suspicious POST requests targeting the vulnerable endpoints, especially those containing SMB paths in the indexDirectory parameter.
4. Conduct thorough logging and monitoring of SearchUnit server network activity, focusing on unusual SMB connections or configuration file changes.
5. Restrict permissions on configuration and log files to minimize the impact of unauthorized read/write operations.
6. Educate users about the risks of interacting with untrusted content that might trigger SSRF attacks requiring user interaction.
7. Regularly audit and review SearchUnit server configurations and access controls to detect anomalies.
8. Consider network segmentation to isolate SearchUnit servers from sensitive internal resources and SMB shares.
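The request inspection described in recommendations 3 and 4, as an added example that is not Keyoti's code or part of the original advisory: it flags POSTs to the two affected endpoints whose indexDirectory value is a UNC or URL-style path, and sends anything outside an allowlisted local root to review. It assumes the request body is JSON carrying an indexDirectory key at some depth; ALLOWED_ROOTS and the sample host name are hypothetical.

```python
import json
import ntpath

# Endpoints named in the advisory, lower-cased for comparison.
ENDPOINTS = (
    "/keyoti_searchengine_web_common/searchservice.svc/getresults",
    "/keyoti_searchengine_web_common/searchservice.svc/getlocationandcontentcategories",
)
ALLOWED_ROOTS = (r"D:\SearchIndex",)  # hypothetical: where the index should live

def find_values(node, key="indexdirectory"):
    """Yield every value stored under `key` (case-insensitive) at any depth."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k.lower() == key:
                yield v
            yield from find_values(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_values(item, key)

def is_remote_path(value):
    """True for UNC paths in either slash style and for file:/smb: URL forms."""
    p = str(value).strip().replace("/", "\\").lower()
    return p.startswith(("\\\\", "file:", "smb:"))

def is_allowed(value, roots=ALLOWED_ROOTS):
    """True only for a path that normalizes to inside an allowlisted local root."""
    p = ntpath.normcase(ntpath.normpath(str(value).strip()))
    roots = [ntpath.normcase(ntpath.normpath(r)) for r in roots]
    return any(p == r or p.startswith(r + "\\") for r in roots)

def inspect_request(method, path, body):
    """Return (verdict, offending_value) for one HTTP request."""
    if method.upper() != "POST" or path.split("?")[0].lower() not in ENDPOINTS:
        return ("ignore", None)
    try:
        doc = json.loads(body)
    except ValueError:
        return ("review", None)  # unparseable body on a sensitive endpoint
    for value in find_values(doc):
        if is_remote_path(value):
            return ("block", value)
        if not is_allowed(value):
            return ("review", value)
    return ("allow", None)

# Constructed sample body (not captured traffic); the host is a placeholder.
SAMPLE = json.dumps({"indexDirectory": r"\\files.example\idx"})
```

The allowlist does more of the work than the UNC check: a path such as `D:\SearchIndex\..\Windows` is normalized before comparison, so it lands in "review" rather than passing as a child of the index root.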
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68487f541b0bd07c3938a1aa
Added to database: 6/10/2025, 6:54:12 PM
Last enriched: 7/11/2025, 12:18:17 AM
Last updated: 8/11/2025, 11:47:15 PM