CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

Manager-io 代码问题漏洞

Manager-io is an open source accounting software from Manager.io. It is available for Windows, Mac and Linux. A code issue vulnerability exists in Manager-io 25.11.1.3085 and prior versions that stems from a TOCTOU condition in the DNS authentication mechanism, which could lead to bypassing netwo...

CVE-2025-54122

Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery SSRF vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an...

CVE-2025-54122 Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint

Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery SSRF vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an...

CVE-2025-54122 Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint

Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery SSRF vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an...

CVE-2025-54122

The CVE-2025-54122 entry concerns Manager-io/Manager accounting software with an unauthenticated SSRF in the proxy handler used by both Desktop and Server editions. Affected versions go up to 25.7.18.2519; the vulnerability allows bypassing network isolation and reaching internal services or clou...

CVE-2025-54122 Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint

Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery SSRF vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an...

PT-2025-30343 · Manager Io · Imanager

Name of the Vulnerable Software and Affected Versions: Manager-io/Manager versions up to and including 25.7.18.2519 Description: Manager-io/Manager is accounting software with a critical unauthenticated Server-Side Request Forgery SSRF vulnerability identified in the proxy handler component. This...

Manager-io 代码问题漏洞

Manager-io is an open source accounting software from Manager.io. It is available for Windows, Mac and Linux. A code issue vulnerability exists in Manager-io 25.7.18.2519 and prior versions, which stems from improper access control in the proxy processing component and could lead to a server-side...