SSRF in Objectplanet Opinio

CVE-2025-13872

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (10.5th percentile) — read the EPSS interpretation.

Affected products

Objectplanet Opinio — versions 7.26 rev12562

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

www.objectplanet.com/opinio/changelog.html (release-notes)