CVE-2025-13872 – Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio

CVE ID : CVE-2025-13872

Published : Dec. 2, 2025, 9:51 a.m. | 34 minutes ago

Description : Blind Server-Side Request Forgery (SSRF) in the survey-import feature of

ObjectPlanet Opinio 7.26 rev12562 on

Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests

to an arbitrary destination.

Severity: 2.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-13873 – The feature to import a survey is prone to stored Cross-Site Script attacks

CVE-2025-13871 – The feature to manage resources is prone to Cross-Site Request Forgery attacks

CVE-2025-13870 – Unauthorized access and subscription vulnerability in Boards

CVE-2025-13516 – SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers