CVE-2025-32358
The CVE describes an SSRF flaw in Zammad 6.4.x prior to 6.4.2. Authenticated admin users can enable webhooks, which trigger POST requests; if a webhook endpoint replies with a redirect, Zammad follows it with an automatic GET, enabling potential access to internal resources (e.g., local network)....