{"id":"CVE-2025-45872","details":"zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.","modified":"2026-04-10T05:27:24.830524Z","published":"2025-07-01T14:15:38.770Z","references":[{"type":"EVIDENCE","url":"https://github.com/dengxmenglihua/cve/blob/main/ZrLog%20Blog%20System%20SSRF%20%2B%20File%20Overwrite%20Leading%20to%20RCE%20Vulnerability.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/94fzb/zrlog","events":[{"introduced":"0"},{"last_affected":"6644274938a1e1979ff00fab2ca033864fc7d64a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.1.5"}]}}],"versions":["v3.1.0","v3.1.1","v3.1.2","v3.1.3","v3.1.4","v3.1.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45872.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}