CVE Alert: CVE-2025-54122

July 22, 2025
image 1

Vulnerability Summary: CVE-2025-54122

Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an unauthenticated attacker to bypass network isolation and access restrictions, potentially enabling access to internal services, cloud metadata endpoints, and exfiltration of sensitive data from isolated network segments. This vulnerability is fixed in version 25.7.21.2525.

Affected Endpoints:

No affected endpoints listed.

Published Date:

7/21/2025, 9:15:26 PM

💀 CVSS Score:

CVSS v3 Score: 10 (Critical)

Exploit Status:

Not Exploited

References:

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

image

[CRYPTO24] – Ransomware Victim: SOUBEIRAN CHOBET S[.]R[.]L[.]

July 22, 2025
image

[AKIRA] – Ransomware Victim: Pinnacle Woodwork

July 22, 2025
image

[LYNX] – Ransomware Victim: Nippn TH

July 22, 2025
0f645a392b509c847d4a19b40e1ad8aa777b70e3d5b060d0da8925cb3ab62dc7

If You’re Forced To Use Windows 11, Here’s How To Steal Some Of Your Time Back

July 22, 2025
9a407790e0d9a3e8767874ef549d60009f0b5ec7e1070c2c60d04a6cc2613ccb

Japan Discovers Object Out Beyond Pluto That Rewrites The Planet 9 Theory

July 22, 2025