This vulnerability involves an SSRF flaw in the webhook creation endpoint of Webkul Krayin CRM v2.2.x. An attacker with low privileges can craft POST requests to the /settings/webhooks/create component to induce the server to make requests to internal network resources, effectively enabling internal network scanning. The CVSS 3.1 vector indicates the attack requires low privileges, no user interaction, and affects confidentiality with a scope change. No official fix or patch information is currently provided, and the product is not a cloud service, so remediation depends on vendor updates.

Successful exploitation can lead to unauthorized scanning and potential information disclosure of internal network resources. The confidentiality impact is high, while integrity impact is low and availability is unaffected. The vulnerability could facilitate further attacks by revealing internal infrastructure details. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the vulnerable endpoint to trusted users only and monitor for suspicious POST requests targeting /settings/webhooks/create. Avoid exposing the CRM system to untrusted networks. Follow vendor communications for updates on patches or mitigations.