Threat intelligence firm GreyNoise is warning of a” coordinated surge” in the exploitation of Server-Side Request Forgery ( SSRF ) vulnerabilities spanning multiple platforms.
” At least 400 Firewall have been seen constantly exploiting several SSRF CVEs together, with significant overlap between attack efforts”, the company , adding it observed the action on March 9, 2025.
The countries which have emerged as the goal of SSRF oppression efforts include the United States, Germany, Singapore, India, Lithuania, and Japan. Another notable region is Israel, which has witnessed a boom on March 11, 2025.
The record of SSRF risks being exploited are listed below-
GreyNoise said that many of the same IP addresses are targeting several SSRF imperfections at once rather than focusing on one particular failure, noting the pattern of activity suggests structured abuse, technology, or pre-compromise intelligence gathering.
In light of active exploitation attempts, it’s essential that users apply the latest patches, limit outbound connections to necessary endpoints, and monitor for suspicious outbound requests.
” Many modern cloud services rely on internal metadata APIs, which SSRF can access if exploited”, GreyNoise said. ” SSRF can be used to map internal networks, locate vulnerable services, and steal cloud credentials”.