CVE-2025-10695
03.10.2025, 21:15
Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker-supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects OpenSupports: 4.11.0.
Awaiting analysis
This vulnerability is currently awaiting analysis.