Menace intelligence agency GreyNoise is warning of a “coordinated surge” within the exploitation of Server-Facet Request Forgery (SSRF) vulnerabilities spanning a number of platforms.
“At the very least 400 IPs have been seen actively exploiting a number of SSRF CVEs concurrently, with notable overlap between assault makes an attempt,” the corporate said, including it noticed the exercise on March 9, 2025.
The nations which have emerged because the goal of SSRF exploitation makes an attempt embody the USA, Germany, Singapore, India, Lithuania, and Japan. One other notable nation is Israel, which has witnessed a surge on March 11, 2025.
The listing of SSRF vulnerabilities being exploited are listed under –
GreyNoise stated that most of the identical IP addresses are focusing on a number of SSRF flaws without delay fairly than specializing in one specific weak spot, noting the sample of exercise suggests structured exploitation, automation, or pre-compromise intelligence gathering.
In mild of energetic exploitation makes an attempt, it is important that customers apply the most recent patches, restrict outbound connections to mandatory endpoints, and monitor for suspicious outbound requests.
“Many trendy cloud providers depend on inside metadata APIs, which SSRF can entry if exploited,” GreyNoise stated. “SSRF can be utilized to map inside networks, find weak providers, and steal cloud credentials.”
Source link