CVE-2026-31818
Budibase · Budibase
Budibase versions prior to 3.33.4 are vulnerable to Server-Side Request Forgery (SSRF). The SSRF protection is ineffective by default, allowing unauthenticated requests to internal services.
Executive summary
Budibase is vulnerable to a critical unauthenticated SSRF flaw because its internal IP blacklist protection is disabled by default in official deployment configurations.
Vulnerability
A Server-Side Request Forgery (SSRF) exists in the REST datasource connector. The platform's protection mechanism is ineffective because the BLACKLIST_IPS environment variable is empty by default: with no ranges configured, the check that should reject internal destinations matches nothing and returns false, so every request to internal resources is allowed.
Business impact
Attackers can use the Budibase server as a proxy to scan and attack internal network services that are not otherwise reachable from the internet. The CVSS score of 9.6 highlights the high risk of internal infrastructure exposure, which could lead to secondary compromises of databases or internal management tools.
Remediation
Immediate Action: Update Budibase to version 3.33.4 and ensure that the BLACKLIST_IPS environment variable is correctly populated with internal and reserved IP ranges.
Proactive Monitoring: Review outbound network logs from the Budibase server for requests directed at internal IP addresses (e.g., 10.x.x.x, 192.168.x.x).
Compensating Controls: Use network-level egress filtering to prevent the Budibase container from initiating connections to sensitive internal network segments.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This SSRF vulnerability effectively neutralizes the network perimeter for any organization running Budibase. It is imperative to update to version 3.33.4 immediately. Furthermore, administrators should adopt a "deny-by-default" egress policy for application containers to mitigate the impact of similar SSRF flaws in the future.