Threat intelligence company Greynoise warns of “adjusted surges” in the exploitation of server-side request forgery (SSRF) vulnerabilities across multiple platforms.
“At least 400 IPs are actively utilizing multiple SSRF CVEs at the same time, and are actively utilizing them with a prominent overlap between attack attempts,” the company said, adding that it observed activity on March 9, 2025.
Countries that emerged as targets for attempts to exploit SSRF include the United States, Germany, Singapore, India, Lithuania and Japan. Another notable country is Israel, witnessing a surge on March 11, 2025.
A list of exploited SSRF vulnerabilities is listed below –
Greynoise said many of the same IP addresses target multiple SSRF flaws at once rather than focusing on specific weaknesses, suggesting structured patterns of activity to gather intelligence before structured exploitation, automation, or compromise.
In light of aggressive exploitation attempts, it is essential that users apply the latest patches, limit outbound connections to required endpoints, and monitor suspicious outbound requests.
“Many modern cloud services rely on internal metadata APIs and are accessible when SSRF is utilized,” says Greynoise. “SSRF can be used to map internal networks, find vulnerable services, and steal cloud credentials.”
Source link
