
CVE-2025-54122: CWE-918: Server-Side Request Forgery (SSRF) in Manager-io Manager

Severity: Critical
Published: Mon Jul 21 2025 (07/21/2025, 20:28:26 UTC)
Source: CVE Database V5
Vendor/Project: Manager-io
Product: Manager

Description

Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both Manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an unauthenticated attacker to bypass network isolation and access restrictions, potentially enabling access to internal services, cloud metadata endpoints, and exfiltration of sensitive data from isolated network segments. This vulnerability is fixed in version 25.7.21.2525.

AI-Powered Analysis

Last updated: 07/21/2025, 21:01:12 UTC

Technical Analysis

CVE-2025-54122 is a critical Server-Side Request Forgery (SSRF) vulnerability identified in the accounting software Manager-io Manager, affecting both Desktop and Server editions up to version 25.7.18.2519. The vulnerability resides in the proxy handler component, which processes network requests on behalf of the application. An unauthenticated attacker can exploit this flaw to send arbitrary requests from the vulnerable server to internal or external network resources. This bypasses network isolation and access control mechanisms, enabling the attacker to reach internal services that are otherwise inaccessible from outside the network, including cloud metadata endpoints commonly used in cloud environments to provide instance-specific information. The SSRF can lead to full read access, allowing exfiltration of sensitive data from isolated network segments. The vulnerability has a CVSS 3.1 base score of 10.0, indicating critical severity, with attack vector Network (AV:N), no privileges required (PR:N), no user interaction (UI:N), and scope changed (S:C), impacting confidentiality, integrity, and availability at a high level. The vulnerability was published on July 21, 2025, and fixed in version 25.7.21.2525 of the software. No known exploits are reported in the wild yet, but the critical nature and ease of exploitation make it a significant threat. The CWE classification is CWE-918, which corresponds to SSRF vulnerabilities that allow attackers to induce the server to make HTTP requests to arbitrary domains or IP addresses. This vulnerability is particularly dangerous in environments where Manager-io Manager is deployed with access to sensitive internal networks or cloud infrastructure metadata services, as it can lead to data leakage, lateral movement, and further compromise of internal systems.

Potential Impact

For European organizations using Manager-io Manager accounting software, this vulnerability poses a severe risk. The ability for unauthenticated attackers to perform SSRF attacks can lead to unauthorized access to internal network resources, including databases, internal APIs, and cloud metadata services, potentially exposing sensitive financial data and internal infrastructure details. This can result in data breaches, financial fraud, and disruption of accounting operations. Given the criticality of accounting data and the regulatory environment in Europe, including GDPR requirements for data protection, exploitation of this vulnerability could lead to significant legal and financial consequences. Additionally, the vulnerability could be leveraged as an initial foothold for further attacks within the network, increasing the risk of widespread compromise. Organizations operating in cloud environments are particularly at risk due to the potential exposure of cloud metadata endpoints, which can provide attackers with credentials or configuration details to escalate privileges or move laterally. The lack of authentication requirement and no need for user interaction further increase the risk, as attackers can exploit the vulnerability remotely without user involvement.

Mitigation Recommendations

European organizations should immediately upgrade Manager-io Manager to version 25.7.21.2525 or later, where the vulnerability is patched. Until the upgrade is applied, organizations should implement network-level controls to restrict outbound HTTP/HTTPS requests from the Manager-io Manager server to only trusted destinations, effectively limiting the SSRF attack surface. Deploying Web Application Firewalls (WAFs) with rules to detect and block SSRF patterns can provide an additional layer of defense. Monitoring and logging of outbound requests from the Manager-io Manager server should be enhanced to detect anomalous or unauthorized access attempts. Organizations should also review and harden access controls on internal services and cloud metadata endpoints, for example by disabling or restricting access to cloud metadata APIs where possible or using cloud provider features to limit metadata service exposure. Conducting internal network segmentation to isolate critical accounting systems can reduce the impact of potential SSRF exploitation. Finally, organizations should perform vulnerability scanning and penetration testing focused on SSRF to identify and remediate any residual risks.
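The outbound-restriction advice above, as an added example that is not Manager-io's code (Python is used here for illustration, not because it is the product's language): a destination check a proxy handler can apply before fetching a caller-supplied URL, combining a hostname allowlist with a block on loopback, private, link-local and IPv4-mapped addresses so that the 169.254.169.254 metadata endpoint and internal services are refused even when a name resolves to them. The allowlist contents, the hostnames and the resolver mapping in the test are assumptions, and the blocked-range policy is a sample.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges a proxy must never fetch for a caller: loopback, RFC 1918, CGNAT,
# link-local (incl. the 169.254.169.254 metadata endpoint), IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

def resolve_with_dns(host):
    """Real resolver; the tests inject a constructed one so nothing needs network."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def is_blocked_address(ip_text):
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return any(ip in net for net in BLOCKED_NETWORKS)

def validate_proxy_target(url, allowed_hosts, resolve=resolve_with_dns):
    """Return (host, ips) the proxy may connect to, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    if host.lower() not in allowed_hosts:  # hypothetical operator allowlist
        raise ValueError(f"host not on allowlist: {host!r}")
    try:  # a literal IP needs no lookup
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        ips = resolve(host)
    # Check every answer, then connect to these IPs rather than the name, so a
    # second lookup (DNS rebinding) cannot swap in an internal address.
    bad = [ip for ip in ips if is_blocked_address(ip)]
    if bad or not ips:
        raise ValueError(f"{host} resolves to blocked or no address: {bad}")
    return host, ips

def proxy_target_allowed(url, allowed_hosts, resolve=resolve_with_dns):
    """Allow/deny decision for callers that do not need the reason."""
    try:
        validate_proxy_target(url, allowed_hosts, resolve)
        return True
    except ValueError:
        return False
```

The allowlist check runs before resolution, and the address check runs after it, so an allowlisted name that later resolves into an internal range is still refused.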


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-16T23:53:40.508Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 687ea70ea83201eaac142c57

Added to database: 7/21/2025, 8:46:06 PM

Last enriched: 7/21/2025, 9:01:12 PM

Last updated: 7/22/2025, 5:28:27 AM

