
CVE-2025-8675: CWE-918 Server-Side Request Forgery (SSRF) in Drupal AI SEO Link Advisor

Severity: Medium
Tags: Vulnerability, CVE-2025-8675, CWE-918
Published: Fri Aug 15 2025 (08/15/2025, 16:27:21 UTC)
Source: CVE Database V5
Vendor/Project: Drupal
Product: AI SEO Link Advisor

Description

Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery. This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6.

AI-Powered Analysis

Last updated: 08/15/2025, 17:03:27 UTC

Technical Analysis

CVE-2025-8675 is a Server-Side Request Forgery (SSRF) vulnerability in the Drupal AI SEO Link Advisor contributed module. The record gives the affected range as "from 0.0.0 before 1.0.6", that is, every release before 1.0.6. SSRF arises when attacker-influenced input determines the destination of a request that the server itself makes, so the server reaches hosts the attacker cannot reach directly: loopback services, RFC 1918 ranges, or cloud instance metadata endpoints. Here the module does not adequately validate or restrict the URLs it requests, so crafted input can steer its outbound HTTP requests to arbitrary locations. The CVSS 3.1 base score given here is 4.7 (Medium) with vector AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N: reachable over the network, low attack complexity, no privileges required, but user interaction required, scope changed (the request originates from the Drupal server and lands on a component under a different security authority), low integrity impact, and no confidentiality or availability impact. Note that the raw CVE record reproduced under Technical Details lists no CVSS version (Cvss Version: null), so the score should be read as this analysis's assessment rather than an assigner-supplied metric. The C:N rating should also not be over-read: even a blind SSRF, where the response body is never shown to the attacker, allows internal hosts to be mapped through timing and error differences and allows side effects on internal endpoints that trust requests from the web tier, which is the integrity impact the vector captures. No exploitation in the wild is reported. The affected range ending at 1.0.6 indicates that release carries the fix, although the record as captured here links no patch or advisory. The weakness is classified as CWE-918 (Server-Side Request Forgery).

Potential Impact

For European organizations running Drupal with the AI SEO Link Advisor module, this SSRF vulnerability poses a moderate risk. An attacker who can steer the module's outbound requests can probe hosts that firewalls or network segmentation otherwise shield from the internet: internal APIs, administrative interfaces, and the instance metadata services of cloud environments. The vector rates confidentiality impact as none, so direct data exfiltration through the response is not indicated; the low integrity impact reflects the attacker's ability to make the server issue requests it should not, which on internal endpoints that trust the web tier can trigger unauthorized actions. Given the widespread use of Drupal in Europe, particularly in government, education and enterprise, the flaw is a plausible first step for gaining a foothold or pivoting within an internal network, especially when chained with a weakness on an internal service. The user-interaction requirement (UI:R) means some user-triggered action or social engineering is needed, which limits fully automated exploitation but does not remove the risk in phishing-prone environments. The medium rating reflects a moderate but non-trivial threat and warrants timely attention.

Mitigation Recommendations

European organizations should inventory their Drupal installations for the AI SEO Link Advisor module and record its version. The affected range ends at 1.0.6, so updating the module to 1.0.6 or later is the primary fix; where that cannot be done promptly, disable or uninstall the module to remove the attack surface. If the module must stay enabled, place strict validation in front of every outbound request that user input can influence: accept only http and https, restrict ports, resolve the hostname and reject any address that is loopback, RFC 1918, link-local (which covers the 169.254.169.254 metadata endpoint) or otherwise not globally routable, connect to the vetted address rather than re-resolving, and re-validate every redirect instead of letting the HTTP client follow them automatically. At the network layer, restrict the Drupal server's egress with firewall or proxy rules to the destinations it legitimately needs, blocking internal ranges and metadata services; in cloud environments, require token-based metadata access (for example IMDSv2 on AWS) so a plain GET issued through an SSRF cannot read instance credentials. Web application firewall rules can block obvious payloads such as internal IP literals in URL parameters, but SSRF requests often look like legitimate URLs, so treat the WAF as a supplementary control only. Educate users about phishing and social engineering, since the vulnerability requires user interaction. Monitor outbound connection logs from the web tier for requests to loopback, private or link-local addresses, and review metadata-service access logs where the platform provides them. Once the update is deployed, verify the fix by confirming that requests to internal destinations are refused. Finally, keep threat intelligence feeds current to detect any emerging exploitation of this CVE.
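The allow-list controls described above are easiest to get right in code that sits between user input and the HTTP client. The following is an added example, not code from the AI SEO Link Advisor module or from Drupal core: a Python validator that accepts only http and https on ports 80 and 443, resolves the host through the same resolver the client would use, refuses any answer that is not a globally routable unicast address (loopback, RFC 1918, link-local including 169.254.169.254, IPv4-mapped IPv6 such as ::ffff:10.0.0.1), and returns a pinned IP so the caller connects to the vetted address rather than re-resolving, which closes the DNS-rebinding window. Redirects are re-validated hop by hop because automatic redirect following would otherwise reopen the hole. The FAKE_DNS table, the hostnames in it and the decimal-IP entry are constructed so the example runs offline.

```python
"""Allow-list validation of attacker-influenced outbound URLs (SSRF defence).
Added example for this page, not code from the AI SEO Link Advisor module;
FAKE_DNS and the hostnames in it are constructed so the example runs offline."""
from __future__ import annotations

import ipaddress
import socket
from dataclasses import dataclass
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}
MAX_REDIRECTS = 3


class SsrfError(ValueError):
    """The URL must not be fetched on the user's behalf."""


@dataclass(frozen=True)
class PinnedTarget:
    scheme: str
    host: str   # value for the Host header / TLS SNI
    port: int
    ip: str     # the address the client must actually connect to


def system_resolver(host: str) -> list[str]:
    """Ask the OS resolver, which also decides what spellings such as
    '2130706433' mean; the check must see the same answer the client would."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def is_public_address(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True only for globally routable unicast: rejects loopback, RFC 1918,
    link-local (so 169.254.169.254), CGNAT, multicast, reserved and unspecified
    ranges. IPv4-mapped IPv6 (::ffff:a.b.c.d) is unwrapped before the check."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def validate_outbound_url(url: str, resolver=system_resolver) -> PinnedTarget:
    """Return a target pinned to a vetted IP, or raise SsrfError. Connecting to
    the pinned IP (with Host set to `host`) closes the DNS-rebinding window
    between this check and the real request."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise SsrfError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise SsrfError("userinfo not allowed")  # e.g. http://good.test@10.0.0.5/
    host = parts.hostname
    if not host:
        raise SsrfError("missing host")
    try:
        port = parts.port
    except ValueError as exc:
        raise SsrfError("malformed port") from exc
    port = port if port is not None else (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise SsrfError(f"port not allowed: {port}")
    addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs:
        raise SsrfError(f"{host} does not resolve")
    bad = [str(a) for a in addrs if not is_public_address(a)]
    if bad:  # a name mixing public and private answers is treated as hostile
        raise SsrfError(f"{host} resolves to non-public address(es): {', '.join(bad)}")
    return PinnedTarget(scheme, host, port, str(addrs[0]))


def validate_redirect(current: PinnedTarget, location: str, hop: int,
                      resolver=system_resolver) -> PinnedTarget:
    """Re-validate each Location header: a public site can 302 to an internal
    host, so the HTTP client must have automatic redirects disabled."""
    if hop >= MAX_REDIRECTS:
        raise SsrfError("too many redirects")
    base = f"{current.scheme}://{current.host}:{current.port}/"
    return validate_outbound_url(urljoin(base, location), resolver)


def is_rejected(url: str, resolver=system_resolver) -> bool:
    try:
        validate_outbound_url(url, resolver)
        return False
    except SsrfError:
        return True


FAKE_DNS = {  # constructed stand-in for DNS
    "www.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "169.254.169.254": ["169.254.169.254"],
    "::ffff:10.0.0.1": ["::ffff:10.0.0.1"],
    "2130706433": ["127.0.0.1"],  # decimal spelling of 127.0.0.1
    "rebind.attacker.test": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("https://www.example.com/page", "http://2130706433/",
              "http://169.254.169.254/latest/meta-data/", "http://rebind.attacker.test/"):
        print("REJECT" if is_rejected(u, fake_resolver) else "ALLOW ", u)
```

In a Drupal module the same checks belong in front of the Guzzle client returned by \Drupal::httpClient(), with automatic redirects disabled on the request and each Location re-checked through validate_redirect. Network egress rules remain necessary as the backstop for anything a validator misses.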


Technical Details

Data Version
5.1
Assigner Short Name
drupal
Date Reserved
2025-08-06T16:26:07.494Z
Cvss Version
null
State
PUBLISHED

Threat ID: 689f64b5ad5a09ad006eb48c

Added to database: 8/15/2025, 4:47:49 PM

Last enriched: 8/15/2025, 5:03:27 PM

Last updated: 8/15/2025, 5:03:27 PM

