CVE-2025-52362 is a critical Server-Side Request Forgery (SSRF) vulnerability identified in PHProxy version 1.1.1 and earlier. PHProxy is a web proxy application that allows users to browse the internet anonymously by routing requests through the proxy server. The vulnerability arises from insufficient input validation on the _proxurl parameter, which is used to specify the target URL for the proxy request. An attacker can craft a specially formed URL that bypasses the input validation mechanisms, enabling them to coerce the server into making arbitrary HTTP requests to internal or external systems. Because the vulnerability is exploitable without authentication or user interaction, it poses a significant risk. The CVSS v3.1 base score of 9.1 reflects the high impact on confidentiality and integrity, as the attacker can potentially access internal resources, sensitive data, or manipulate backend services. The vulnerability is categorized under CWE-918 (Server-Side Request Forgery), which typically allows attackers to abuse server functionality to access or manipulate internal systems that are otherwise inaccessible externally. Although no public exploits are currently known, the ease of exploitation and the critical severity suggest that threat actors may develop exploits rapidly. No patches or mitigations are currently linked, indicating that affected organizations must prioritize risk management and implement compensating controls promptly.

For European organizations, the impact of this SSRF vulnerability can be severe. Many enterprises and public sector entities use proxy services like PHProxy for privacy, content filtering, or network segmentation. Exploitation could allow attackers to pivot from the proxy server into internal networks, accessing sensitive information such as internal APIs, databases, or cloud metadata services. This could lead to data breaches, unauthorized access to confidential information, or disruption of internal services. Given the critical CVSS score and unauthenticated exploitability, attackers could leverage this vulnerability to conduct reconnaissance, exfiltrate data, or launch further attacks within the network. The impact is particularly concerning for organizations handling personal data under GDPR, as breaches could result in regulatory penalties and reputational damage. Additionally, critical infrastructure providers using PHProxy or similar proxy solutions could face operational disruptions or espionage risks. The lack of available patches increases the urgency for organizations to implement immediate mitigations to reduce exposure.

Since no official patches are currently available, European organizations should implement the following specific mitigations: 1) Disable or restrict access to the _proxurl parameter by applying strict input validation or web application firewall (WAF) rules that block suspicious or malformed URLs targeting internal IP ranges or sensitive endpoints. 2) Limit the proxy server's network access by implementing network segmentation and firewall rules that prevent the proxy from initiating requests to internal-only IP addresses or services. 3) Monitor proxy server logs for unusual or unexpected outbound requests, especially those targeting internal resources or uncommon destinations, to detect potential exploitation attempts. 4) Employ runtime application self-protection (RASP) or intrusion detection systems (IDS) to identify and block SSRF attack patterns. 5) Where feasible, replace PHProxy with more secure, actively maintained proxy solutions that have robust input validation and security controls. 6) Educate security teams to prioritize this vulnerability in their risk assessments and incident response plans. 7) Regularly review and update network access controls to minimize the attack surface exposed by proxy services.