[HIGH] CVE-2026-7025 — CVSS 7.3 (April 26, 2026)

A HIGH-severity vulnerability identified as CVE-2026-7025 has been published on April 26, 2026 with a CVSS base score of 7.3. This security advisory provides a detailed breakdown of the vulnerability, its potential impact, weakness classification, and actionable steps to protect your systems.

Vulnerability Details

CVE ID: CVE-2026-7025
Severity: HIGH
CVSS Score: 7.3
Published: April 26, 2026
Weakness (CWE): CWE-918

Technical Description

A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Potential Impact

If exploited, this high-severity vulnerability could allow an attacker to cause significant damage to affected systems. Organizations running affected software should treat this as a priority remediation item.

Recommended Action

No official patch is available yet. Until one is released:

1. Monitor the official NVD page and vendor channels for patch announcements.
2. Restrict access to the affected system or service where possible.
3. Apply network-level mitigations such as firewall rules or WAF policies.
4. Enable logging and alerting for anomalous activity related to this vulnerability.
5. Review your incident response plan in case of active exploitation.

View full details on NVD →

References

• Reference 1
• Reference 2
• Reference 3
• Reference 4

Related Security Advisories

• [HIGH] CVE-2026-0686 — CVSS 7.2 (April 2, 2026) — HIGH / CVSS 7.2
• [HIGH] CVE-2026-41564 — CVSS 7.5 (April 23, 2026) — HIGH / CVSS 7.5
• [HIGH] CVE-2026-3259 — CVSS 7.1 (April 23, 2026) — HIGH / CVSS 7.1