CVE-2025-6517 | Dromara MaxKey up to 4.1.7 Meta URL SAML20DetailsController.java add post server-side request forgery

A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-websmaxkey-web-mgtsrcmainjavaorgdromaramaxkeywebappscontorllerSAML20DetailsController.java of the component Meta URL Handler. The manipulation of the argument post leads to server-side request forgery.

The identification of this vulnerability is CVE-2025-6517. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More