CVE-2025-50251

Plane · Plane

A server-side request forgery (SSRF) vulnerability exists in Plane version 0.23.1, specifically within the password recovery functionality.

Executive summary

A critical SSRF vulnerability in Plane version 0.23.1 allows an unauthenticated attacker to make the Plane server issue requests to destinations of the attacker's choosing, including hosts that are reachable only from the server's own network, potentially exposing internal resources.

Vulnerability

The vulnerability is a Server-Side Request Forgery (SSRF) located in the password recovery mechanism of the application. Because password recovery must be reachable before login, the flaw can be triggered by an unauthenticated attacker, who can use the server as a proxy to interact with internal services or APIs that are not intended to be publicly accessible.

Business impact

Successful exploitation of this SSRF vulnerability lets an attacker use the Plane server as a pivot past network perimeter defenses: to scan internal networks, to reach services that trust requests coming from the server's address, or to query cloud instance metadata services, which typically hand out the instance's credentials. With a CVSS score of 9.1, this represents a critical threat to data confidentiality and internal infrastructure integrity. Unauthorized access to internal systems could lead to further compromise or data exfiltration.

Remediation

Immediate Action: Upgrade the Plane installation to the latest available version and confirm from the vendor's release notes that it addresses this SSRF vulnerability; the advisory does not name a specific fixed version.

Proactive Monitoring: Review application logs and any egress proxy, firewall or flow logs for outbound requests originating from the Plane server, particularly those targeting loopback, link-local (including the 169.254.169.254 metadata address) or private network ranges. On the inbound side, check web server access logs for unusual volumes of password recovery requests from a single source, since that is what the attacker's side of the exploit looks like.

Compensating Controls: Implement strict, deny-by-default egress filtering on the host running the application so that outbound connectivity is limited to the dependencies the deployment actually needs (for example its mail relay), and block access to the cloud metadata endpoint from the application's process or container. This prevents internal scanning and credential theft even while the vulnerable code remains in place.
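The log review called for in the Proactive Monitoring step can be mechanised. The script below is an added example for this advisory, not Plane project code: it parses outbound-request log lines, classifies each destination against the address ranges an SSRF is typically used to reach (loopback, RFC 1918, link-local, cloud metadata endpoints, IPv6 unique-local, and IPv4-mapped IPv6 forms of the same), and reports the hits. The log format and the sample lines are constructed assumptions; adapt parse_destination() to the egress proxy or flow log you actually have. Hostname destinations are deliberately flagged rather than cleared, because in the SSRF setting the attacker controls DNS and a benign-looking name can resolve to an internal address.

```python
"""Flag outbound requests from a Plane host that target internal or metadata addresses.

Added example for the advisory above, not Plane project code. The log format and
SAMPLE_LOG are constructed; adapt parse_destination() to your real egress logs.
"""
import ipaddress
import re
from typing import List, Optional, Tuple

# Assumed log shape: "<ts> <process> -> <host>:<port> <method> <path>"; IPv6 in [].
# The 203.0.113.x / 198.51.100.x entries are documentation addresses standing in
# for ordinary public destinations.
SAMPLE_LOG = """\
2025-07-01T10:00:01Z plane-api -> 203.0.113.10:443 GET /webhooks/notify
2025-07-01T10:00:02Z plane-api -> 169.254.169.254:80 GET /latest/meta-data/iam/security-credentials/
2025-07-01T10:00:03Z plane-api -> 10.0.3.7:6379 CONNECT
2025-07-01T10:00:04Z plane-api -> 127.0.0.1:8000 GET /api/
2025-07-01T10:00:05Z plane-api -> [::ffff:172.16.4.2]:9200 GET /_cat/indices
2025-07-01T10:00:06Z plane-api -> metadata.google.internal:80 GET /computeMetadata/v1/
2025-07-01T10:00:07Z plane-api -> [fd00:ec2::254]:80 GET /latest/api/token
2025-07-01T10:00:08Z plane-api -> 198.51.100.23:443 POST /oauth/token
"""

# Address ranges an SSRF is typically used to reach. Each entry: (label, network).
INTERNAL_RANGES = [
    (label, ipaddress.ip_network(cidr))
    for label, cidr in (
        ("loopback", "127.0.0.0/8"),
        ("loopback", "::1/128"),
        ("unspecified", "0.0.0.0/8"),
        ("private RFC 1918", "10.0.0.0/8"),
        ("private RFC 1918", "172.16.0.0/12"),
        ("private RFC 1918", "192.168.0.0/16"),
        ("shared address space RFC 6598", "100.64.0.0/10"),
        ("link-local", "169.254.0.0/16"),
        ("link-local", "fe80::/10"),
        ("unique local RFC 4193", "fc00::/7"),
    )
]

# Cloud instance-metadata endpoints. They sit inside the ranges above but get their
# own label because a hit here usually means credential theft was attempted.
METADATA_HOSTS = {
    ipaddress.ip_address("169.254.169.254"),  # AWS / GCP / Azure / OpenStack IMDS (IPv4)
    ipaddress.ip_address("fd00:ec2::254"),    # AWS IMDS (IPv6)
}

DEST_RE = re.compile(r"-> (?:\[(?P<v6>[^\]]+)\]|(?P<v4>[^\s:]+)):(?P<port>\d+)")


def classify_address(host: str) -> Optional[str]:
    """Return why `host` is an internal destination, or None if it looks external."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not a literal address: must be resolved and re-checked, never cleared as-is.
        return "hostname (resolve before classifying)"
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 reaches 10.0.0.1 at the socket layer
    if ip in METADATA_HOSTS:
        return "cloud metadata endpoint"
    for label, net in INTERNAL_RANGES:
        if ip in net:
            return label
    return None


def parse_destination(line: str) -> Optional[str]:
    """Extract the destination host from one log line, or None if it has none."""
    m = DEST_RE.search(line)
    if m is None:
        return None
    return m.group("v6") or m.group("v4")


def find_suspicious(log_text: str) -> List[Tuple[str, str]]:
    """Return (destination, label) for every line whose target is internal."""
    hits: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        dest = parse_destination(line)
        if dest is None:
            continue
        label = classify_address(dest)
        if label is not None:
            hits.append((dest, label))
    return hits


if __name__ == "__main__":
    for dest, label in find_suspicious(SAMPLE_LOG):
        print(f"{dest:<26} {label}")
```

Run against the constructed sample, the two public destinations pass and the six others are reported with their reason. In a real deployment the same classifier belongs on the allow side of the egress policy too: anything it labels should never be reachable from the Plane process in the first place.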

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical CVSS severity, administrators should prioritize patching the affected Plane instance immediately. If an immediate update is not feasible, restrict network access to the password recovery endpoint to known, trusted source IP addresses (for example at the reverse proxy in front of Plane) until a permanent remediation is applied; this is a stopgap that reduces who can trigger the flaw, and the egress filtering described under Remediation should be applied alongside it.