Overview
A Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2025-14116, has been discovered in Yuxi-Know up to version 0.4.0. This vulnerability allows a remote attacker to potentially manipulate the server into making unintended requests, potentially exposing sensitive internal resources or interacting with external systems on the attacker’s behalf. The vulnerability resides within the OtherEmbedding.aencode function of the /src/models/embed.py file.
Technical Details
The vulnerability stems from insufficient sanitization of the health_url argument within the OtherEmbedding.aencode function. An attacker can manipulate this argument to inject arbitrary URLs. Because the server processes these URLs without proper validation, it can be coerced into making requests to attacker-controlled servers or internal network resources. The vulnerable code is located in /src/models/embed.py. The publicly available exploit demonstrates the ease with which this vulnerability can be exploited. The fix for this vulnerability has been released as commit 0ff771dc1933d5a6b78f804115e78a7d8625c3f3.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) assigns CVE-2025-14116 a score of 4.7 (Medium). This score reflects the potential for remote exploitation and the impact on confidentiality and integrity.
Possible Impact
Successful exploitation of this SSRF vulnerability could have serious consequences, including:
- Exposure of sensitive internal data (e.g., configuration files, database credentials).
- Unauthorized access to internal network resources.
- Denial-of-service attacks against internal or external services.
- Potentially leveraging the vulnerable server as a stepping stone for further attacks on other systems.
Mitigation and Patch Steps
To mitigate the risk posed by CVE-2025-14116, it is highly recommended to take the following steps:
- Apply the Patch: The most effective solution is to apply the patch referenced as commit 0ff771dc1933d5a6b78f804115e78a7d8625c3f3 on the Yuxi-Know repository.
- Review Vendor Security Measures: The vendor has responded by disabling URL parsing, disabling URL upload mode, and removing URL-to-markdown conversion. While these measures are helpful, applying the official patch is still the recommended approach.
- Input Validation: Implement robust input validation and sanitization for all user-supplied URLs. Use whitelists to restrict allowed URL schemes and domains.
- Network Segmentation: Segment your network to limit the impact of a successful SSRF attack. Restrict access to sensitive internal resources.
- Regular Security Audits: Conduct regular security audits and penetration testing to identify and address vulnerabilities in your systems.