Unauthenticated Server-Side Request Forgery (SSRF) in Manager Desktop and Server Editions
CVE: CVE-2025-54122
Product: Manager Desktop and Server Edition
Published: 7/21/2025
Researcher: Krishna Agarwal
Summary
A critical unauthenticated server-side request forgery (SSRF) vulnerability was identified in the proxy handler component of Manager Desktop and Manager Server editions up to version 25.7.18.2519. The flaw allows a remote attacker to coerce the application into issuing arbitrary HTTP requests to internal or otherwise restricted resources, including localhost services and cloud metadata endpoints, fully bypassing network isolation controls. By abusing automatic HTTP redirect handling that downgrades POST requests to GET, an attacker can read sensitive internal data without authentication. Successful exploitation may lead to credential disclosure, internal network reconnaissance, data exfiltration, and broader compromise of cloud or on-prem environments.
Proof of Concept
POC will be released after February 2026
Remediation
This vulnerability has been addressed in Manager Desktop and Server editions Version 25.7.21 and later.