SSRF in Rachelos Werss We-mp-rss
CVE-2025-13174
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.000 (12.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Rachelos Werss We-mp-rss — versions 1.4.0, 1.4.1, 1.4.2
Weakness classification (CWE)
References
- VDB-332465 | rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery (technical-description, vdb-entry)
- VDB-332465 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
- Submit #684803 | rachelos WeRSS WeRSS<=1.4.7 Server-Side Request Forgery (third-party-advisory)
- cna@vuldb.com (exploit)
Frequently asked questions
- What is CVE-2025-13174?
- CVE-2025-13174 is a medium-severity vulnerability in Rachelos Werss We-mp-rss, classified under Server-Side Request Forgery (SSRF). CVSS score: 6.3/10. Published 2025-11-14.
- How severe is CVE-2025-13174?
- Medium severity. CVSS v3 base score is 6.3 out of 10.