Home > Vulnerability Database > CVE-2025-13174

Mend.io Vulnerability Database

CVE-2025-13174

Good to know:

Date: November 14, 2025

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.

Severity Score

9.1

Related Resources (6)

Url: https://www.notion.so/SSRF-vulnerability-in-WeRSS-WebHook-module-29bea92a3c4180a192b5caa9078bfb18

Url: https://vuldb.com/?submit.684803

Url: https://vuldb.com/?ctiid.332465

Url: https://vuldb.com/?id.332465

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-13174

Url: https://www.mend.io/vulnerability-database/CVE-2025-13174

Severity Score

9.1

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-13174

Good to know:

Date: November 14, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?