TOCTOU Flaw in Manager Proxy Allows Complete Bypass of SSRF Protections (Bypass of CVE-2025-54122) .

A critical time-of-check time-of-use (TOCTOU) vulnerability was identified in Manager Desktop and Server editions up to version 25.10.31 that allows attackers to bypass DNS-based network isolation controls. By abusing HTTP redirect handling after initial DNS validation, a remote attacker can coerce the application into accessing internal services and cloud metadata endpoints, effectively performing full-read SSRF against protected network resources. The Desktop edition is exploitable without authentication, while the Server edition requires only standard credentials. Successful exploitation can lead to credential disclosure, internal network access, and broader infrastructure compromise.