CVE-2025-11864 | NucleoidAI Nucleoid up to 0.7.10 Outbound Request /src/cluster.ts extension.apply https/ip/port/path/headers server-side request forgery

October 16, 2025 Yanac

A vulnerability was found in NucleoidAI Nucleoid up to 0.7.10 and classified as critical. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery.

This vulnerability is listed as CVE-2025-11864. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More