CVE-2025-45869 in LogicalDOC
Summary
by MITRE • 07/13/2026
LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can exploit the ShareFileCallback servlet by manipulating input parameters to trigger a server-side request to an attacker-controlled host.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/13/2026
The LogicalDOC Enterprise software version 9.1.1 and earlier contains a critical server-side request forgery vulnerability that enables unauthenticated attackers to manipulate the ShareFileCallback servlet through crafted input parameters. This flaw exists within the application's handling of external resource requests where user-supplied data is directly used to construct server-side HTTP requests without proper validation or sanitization. The vulnerability resides in the software's lack of input parameter filtering and validation mechanisms that should prevent unauthorized access to internal network resources or external systems controlled by the attacker.
This security weakness allows an attacker to initiate arbitrary server-side connections to any host they choose, potentially enabling them to probe internal network services, access sensitive data, or redirect traffic through the vulnerable server. The attack surface is particularly concerning as it operates without authentication requirements, meaning any remote user can exploit this flaw regardless of their access level or credentials. The vulnerability directly maps to CWE-918 Server-Side Request Forgery and aligns with ATT&CK technique T1071.1004 Application Layer Protocol: Web Protocols, where adversaries leverage web application vulnerabilities to perform unauthorized network requests.
The operational impact of this vulnerability extends beyond simple data exfiltration as it could enable attackers to bypass network security controls, access internal services that should remain isolated, or even facilitate further exploitation through information disclosure. Attackers can potentially use this flaw to enumerate internal systems, access databases, or redirect traffic to malicious endpoints, making it a significant threat vector for organizations relying on LogicalDOC Enterprise. The vulnerability particularly affects environments where the application server has access to sensitive internal resources or where network segmentation is not properly enforced.
Organizations should immediately implement mitigations including input validation and parameter sanitization for all user-supplied data, implementing strict outbound connection controls, and restricting the application's ability to make arbitrary external requests. Network-level firewalls should be configured to limit outbound connections from the LogicalDOC server, and proper access controls should be implemented to prevent unauthorized network discovery activities. Additionally, organizations should consider implementing web application firewalls that can detect and block suspicious request patterns targeting the ShareFileCallback servlet, along with regular security assessments to identify similar vulnerabilities in other application components. The recommended solution involves upgrading to version 9.1.1 or later where this vulnerability has been addressed through proper input validation mechanisms and enhanced security controls for external resource access.