Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2770 articles · 175021 vulns · 36/41 feeds (7d)
← Back to list
7.3
CVE-2025-45869EXPLOITED
logicaldoc · logicaldoc enterprise

CVE-2025-45869: LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenti

Description

LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can exploit the ShareFileCallback servlet by manipulating input parameters to trigger a server-side request to an attacker-controlled host.

Affected Products

VendorProductVersions
logicaldoclogicaldoc enterprisen/a

References

  • https://www.logicaldoc.com/
  • https://github.com/netero1010/Vulnerability-Disclosure/blob/main/CVE-2025-45869/README.md

Related News (1 articles)

Tier C
VulDB6h ago
CVE-2025-45869 | LogicalDOC up to 9.1.1 ShareFileCallback Servlet server-side request forgery
→ No new info (linked only)
CVSS 3.17.3 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-918
PublishedJul 13, 2026
Last enriched7m agov2
Trending Score55
Source articles1
Independent1
Info Completeness7/14
Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 13, 2026
Discovered by ZDM
Jul 13, 2026
Updated: severity, activelyExploited
Jul 13, 2026
Actively Exploited
Jul 13, 2026

Version History

v2
Last enriched 7m ago
v2Tier C6h ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited
via VulDB
v16h ago

Initial creation