Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
AnalysisAI
Server-side request forgery (SSRF) in IBM webMethods Integration Server (on-premises) 10.15 through IS_11.1_Core_Fix10 allows authenticated remote attackers to coerce the server into issuing unauthorized outbound HTTP requests to arbitrary destinations. An attacker with low-privileged credentials can leverage this to map internal network topology, probe non-publicly-routable services, or use the Integration Server as a pivot point for follow-on attacks against adjacent systems. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) alongside SSVC exploitation status of 'none' indicate no observed active exploitation.
Technical ContextAI
IBM webMethods Integration Server is an on-premises enterprise integration platform used for API management, B2B integration, and workflow orchestration. CWE-918 (Server-Side Request Forgery) occurs when user-supplied input is used to construct outbound HTTP or network requests without adequate validation of the destination, allowing the server to act as an unwitting proxy. The affected CPE is cpe:2.3:a:ibm:webmethods_integration_(on_prem)_-integration_server:*:*:*:*:*:*:*:* covering the version band from 10.15 with patch level IS_10.15_Core_Fix2611.1 through IS_11.1_Core_Fix10. The CVSS vector AV:N/AC:L/PR:L/UI:N/S:U confirms the attack is fully remote, requires no user interaction, and demands only low-level authenticated access - consistent with a logged-in integration user or service account exploiting an insufficiently sanitized URL parameter or endpoint within the server's management or integration layer.
RemediationAI
Patch available per vendor advisory - apply the fix documented at https://www.ibm.com/support/pages/node/7273550. IBM has published the corrective update and organizations should consult that advisory for the specific fix level applicable to their deployment (IS_10.15 or IS_11.1 branch). No exact patched fix-pack version number was independently extractable from the available reference data; verify the target fix level directly with the IBM advisory. As a compensating control pending patching, restrict network egress from the Integration Server host using host-based or perimeter firewall rules to allow only explicitly required outbound destinations, which reduces the attacker's ability to reach internal services even if SSRF is triggered. Additionally, enforce the principle of least privilege on Integration Server accounts - reducing the number of users with authenticated access limits the potential attacker pool. Note that egress filtering may affect legitimate integration workflows and should be tuned carefully against existing adapter and endpoint configurations.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209934
GHSA-7v43-w3v8-wwv7