{"vulnerability": "CVE-2025-0474", "sightings": [{"uuid": "059d8fa7-48fc-48e0-94d6-817d5bb4dde4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0474", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpxmq7vwt2n", "content": "", "creation_timestamp": "2025-01-14T19:16:21.373774Z"}, {"uuid": "3876bf65-a4ee-449f-96f8-aa284144487b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0474", "type": "seen", "source": "https://bsky.app/profile/brank0x42.bsky.social/post/3lfuewlvyl22t", "content": "", "creation_timestamp": "2025-01-16T13:25:30.296929Z"}, {"uuid": "e09e3d2e-7a5f-42ed-bfbc-9183586fd21c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0474", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfpzwl7zeo2y", "content": "", "creation_timestamp": "2025-01-14T19:57:39.636541Z"}, {"uuid": "f4fbd1d7-269f-4821-96c1-1b691b216f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0474", "type": "seen", "source": "https://bsky.app/profile/brank0x42.bsky.social/post/3li4wz6rdys2h", "content": "", "creation_timestamp": "2025-02-14T10:00:26.240906Z"}, {"uuid": "69011ac8-498a-477a-bc6b-20bbf4d57611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0474", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1583", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-0474\n\ud83d\udd39 Description: Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.\nThis issue affects Invoice Ninja: from 5.8.56 through 5.11.23.\n\ud83d\udccf Published: 2025-01-14T18:50:30.331Z\n\ud83d\udccf Modified: 2025-01-14T18:50:30.331Z\n\ud83d\udd17 References:\n1. https://github.com/invoiceninja/invoiceninja/commit/2a9bf353b432d7060e85487b617151ecbc36247d\n2. https://vulncheck.com/advisories/invoice-ninja-ssrf\n3. https://github.com/invoiceninja/invoiceninja/compare/97ae948618230c1812f3223b80bf22dcb0382dc5..435780932fe19063001d79ba518815df62773d71", "creation_timestamp": "2025-01-14T19:10:56.000000Z"}, {"uuid": "44d730e6-ea98-4834-b391-9daf06a4d387", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0474", "type": "seen", "source": "https://t.me/cvedetector/15348", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-0474 - \"Invoice Ninja SSRF\"\", \n  \"Content\": \"CVE ID : CVE-2025-0474 \nPublished : Jan. 14, 2025, 7:15 p.m. | 26\u00a0minutes ago \nDescription : Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.  \nThis issue affects Invoice Ninja: from 5.8.56 through 5.11.23. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T20:42:26.000000Z"}]}