CVE-2025-10391 | CRMEB up to 5.6.1 OutAccountServices.php testOutUrl push_token_url server-side request forgery


A vulnerability was found in CRMEB up to 5.6.1. It has been classified as critical. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery.

This vulnerability is referenced as CVE-2025-10391. The attack can be carried out remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.
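
A destination check of the kind that closes this class of bug for a caller-supplied value such as push_token_url, written here as an added example in PHP (CRMEB's language). It is not CRMEB's code or a vendor fix; the function name checkOutboundUrl, the injectable resolver and the sample hosts and addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical helper (not CRMEB code): may the server fetch this
// caller-supplied URL? Returns [allowed, reason, vetted IP or null].
// $resolver (host => list of IP strings) is injectable for offline runs.
function checkOutboundUrl(string $url, ?callable $resolver = null): array
{
    $resolver ??= static function (string $host): array {
        $ips = [];
        foreach (@dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $r) {
            $ips[] = $r['ip'] ?? $r['ipv6'];
        }
        return $ips;
    };
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return [false, 'malformed URL', null];
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return [false, 'scheme not allowed', null];
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return [false, 'credentials in URL', null];
    }
    $host = trim($p['host'], '[]'); // parse_url keeps [] around IPv6 literals
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : $resolver($host);
    if ($ips === []) {
        return [false, 'host does not resolve', null];
    }
    // Every resolved address must be outside private and reserved ranges.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return [false, "non-public address $ip", null];
        }
    }
    return [true, 'ok', $ips[0]]; // pin the connection to this vetted address
}

// Constructed sample inputs; $stub stands in for DNS so this runs offline.
$stub = static fn(string $h): array => [
    'hooks.example.com'    => ['203.0.113.10'], // doc-range IP as a public stand-in
    'intranet.example.com' => ['10.0.0.5'],
][$h] ?? [];
foreach (['https://hooks.example.com/token', 'http://intranet.example.com/',
          'http://127.0.0.1/', 'http://[::1]/', 'ftp://hooks.example.com/'] as $u) {
    [$ok, $why] = checkOutboundUrl($u, $stub);
    printf("%-34s %s (%s)\n", $u, $ok ? 'ALLOW' : 'BLOCK', $why);
}
```

Have the HTTP client connect to the returned address instead of resolving the name a second time, and turn off automatic redirects or re-run the check on every hop. The two filter flags do not cover every special-purpose range (100.64.0.0/10, for example), so add explicit CIDR checks where the deployment needs them.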