{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T17:54:21.216","vulnerabilities":[{"cve":{"id":"CVE-2025-32358","sourceIdentifier":"cve@mitre.org","published":"2025-04-05T21:15:40.487","lastModified":"2026-06-17T09:11:52.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests for example in the local network."},{"lang":"es","value":"En Zammad 6.4.x anterior a 6.4.2, puede producirse una SSRF. Los usuarios administradores autenticados pueden habilitar webhooks en Zammad, que se activan como solicitudes POST cuando se cumplen ciertas condiciones. Si un punto final de un webhook devolvía una respuesta de redirección, Zammad la seguía automáticamente con otra solicitud GET. Un atacante podría aprovechar esto para generar solicitudes GET, por ejemplo, en la red local."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"Zammad","product":"Zammad","defaultStatus":"unaffected","versions":[{"version":"6.4","lessThan":"6.4.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-07T16:12:47.818498Z","id":"CVE-2025-32358","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.2","matchCriteriaId":"B3CB15F8-B4D0-450D-9D9A-9A710EE15BCB"}]}]}],"references":[{"url":"https://zammad.com/en/advisories/zaa-2025-01","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}}]}