Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack


Threat intelligence firm GreyNoise is warning of a “coordinated surge” in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms.

“At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts,” the company said, adding it observed the activity on March 9, 2025.

The countries that have emerged as targets of SSRF exploitation attempts include the United States, Germany, Singapore, India, Lithuania, and Japan. Another notable country is Israel, which witnessed a surge on March 11, 2025.

The SSRF vulnerabilities being exploited are listed below:

CVE-2017-0929 (CVSS score: 7.5) – DotNetNuke
CVE-2020-7796 (CVSS score: 9.8) – Zimbra Collaboration Suite
CVE-2021-21973 (CVSS score: 5.3) – VMware vCenter
CVE-2021-22054 (CVSS score: 7.5) – VMware Workspace ONE UEM
CVE-2021-22175 (CVSS score: 9.8) – GitLab CE/EE
CVE-2021-22214 (CVSS score: 8.6) – GitLab CE/EE
CVE-2021-39935 (CVSS score: 7.5) – GitLab CE/EE
CVE-2023-5830 (CVSS score: 9.8) – ColumbiaSoft DocumentLocator
CVE-2024-6587 (CVSS score: 7.5) – BerriAI LiteLLM
CVE-2024-21893 (CVSS score: 8.2) – Ivanti Connect Secure
OpenBMCS 2.4 Authenticated SSRF Attempt (No CVE)
Zimbra Collaboration Suite SSRF Attempt (No CVE)

GreyNoise said that many of the same IP addresses are targeting multiple SSRF flaws at once rather than focusing on one particular weakness, noting the pattern of activity suggests structured exploitation, automation, or pre-compromise intelligence gathering.

In light of active exploitation attempts, it’s essential that users apply the latest patches, limit outbound connections to necessary endpoints, and monitor for suspicious outbound requests.

“Many modern cloud services rely on internal metadata APIs, which SSRF can access if exploited,” GreyNoise said. “SSRF can be used to map internal networks, locate vulnerable services, and steal cloud credentials.”
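The two mitigations above (limiting outbound connections to necessary endpoints and monitoring for suspicious outbound requests) can be sketched as an egress check applied to every URL a server is asked to fetch. This is an added example, not code from GreyNoise or the article; the hostnames, the allowlist, the DNS answers and the request log are all constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"api.partner.example"}  # hypothetical egress allowlist
FAKE_DNS = {"api.partner.example": {"93.184.216.34"},  # constructed DNS answers
            "cdn.other.example": {"93.184.216.35"}, "internal-alias.example": {"10.0.0.5"}}
SAMPLE_LOG = ["https://api.partner.example/v1/status", "http://169.254.169.254/",
              "http://internal-alias.example/", "https://cdn.other.example/x",
              "ftp://api.partner.example/"]  # constructed outbound-request log

def fake_resolver(host):
    return FAKE_DNS.get(host, set())  # offline stand-in for DNS

def system_resolver(host):
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:  # name does not resolve
        return set()

def is_internal(ip_text):
    """True for loopback, private, link-local (metadata) and other non-global IPs."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by the IPv4 address it wraps
    return not ip.is_global

def check_outbound(url, allowed_hosts=ALLOWED_HOSTS, resolver=system_resolver):
    """Return (verdict, reason) for a server-side fetch of url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme not in ("http", "https") or not host:
        return ("block", "unsupported scheme or missing host")
    try:
        addresses = {str(ipaddress.ip_address(host))}  # IP literal in the URL
    except ValueError:
        addresses = set(resolver(host))
    if not addresses:
        return ("block", "host does not resolve")
    internal = sorted(a for a in addresses if is_internal(a))
    if internal:  # checked before the allowlist: an allowed name must not point inward
        return ("block", "resolves to internal address " + internal[0])
    if host not in allowed_hosts:
        return ("block", "host not on egress allowlist")
    return ("allow", "allowlisted external host")

def flag_suspicious(urls, resolver=system_resolver):  # monitoring pass over a request log
    checked = [(u, check_outbound(u, resolver=resolver)) for u in urls]
    return [(u, result[1]) for u, result in checked if result[0] == "block"]
```

Calling `flag_suspicious(SAMPLE_LOG, fake_resolver)` flags every entry except the allowlisted partner API. The check resolves names at decision time, so the component that performs the fetch must connect to the address that was vetted; otherwise a DNS change between check and fetch defeats it.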


The Hacker News
