CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Analysis
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to send unauthorized requests from the vulnerable system. This enables network enumeration, lateral movement, or facilitation of secondary attacks against internal or external resources. The vulnerability requires valid credentials to exploit but carries moderate real-world risk given the CVSS 5.4 score and the authenticated attack vector.
Technical Context
The vulnerability is classified as CWE-918 (Server-Side Request Forgery), a design flaw where the application fails to properly validate or sanitize user-supplied input before making outbound HTTP/network requests on behalf of the server. IBM InfoSphere Information Server (affected CPE: cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*) is a data integration and governance platform that processes, moves, and manages data across heterogeneous systems. The SSRF flaw likely exists in components responsible for data source connectivity, HTTP-based integrations, or remote resource access. An attacker with valid authentication credentials can manipulate request parameters to redirect the server into making connections to internal network services, cloud metadata endpoints, or external systems otherwise inaccessible from the attacker's perspective.
Affected Products
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 are affected; the product is identified by the CPE cpe:2.3:a:ibm:infosphere_information_server. All releases within the 11.7.x branch from the initial release (11.7.0.0) through patch level 11.7.1.6 are in scope. Consult the vendor security advisory at https://www.ibm.com/support/pages/node/7266698 for the complete impact assessment and patched version availability.
Remediation
Apply the security patch provided by IBM via their support portal at https://www.ibm.com/support/pages/node/7266698; upgrade to the earliest available patched version beyond 11.7.1.6. Until patching is feasible, implement network-level controls by restricting outbound traffic from InfoSphere servers to explicitly whitelisted internal and external destinations, and disable or restrict features that enable dynamic remote connections. Enforce strict authentication and logging on InfoSphere administrative interfaces to reduce insider risk and detect abuse. Deploy a Web Application Firewall (WAF) or reverse proxy in front of InfoSphere to inspect and block requests with suspicious URL patterns or parameters indicative of SSRF payloads (e.g., localhost, 127.0.0.1, 169.254.169.254, or internal IP ranges in request parameters).
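The remediation above asks for an explicit outbound allow-list plus blocking of loopback, 169.254.169.254 and internal ranges. The Python validator below, added here as an example and not code from IBM or the advisory, applies both layers before a server-side fetch; ALLOWED_HOSTS, the injectable resolver and the sample addresses are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allow-list of the only external data sources this integration
# server is permitted to contact (placeholder names, not real endpoints).
ALLOWED_HOSTS = {"data.example.com", "api.partner.example.net"}

# Ranges an SSRF payload typically targets: loopback, RFC 1918, link-local
# (which contains the 169.254.169.254 cloud metadata endpoint), shared
# address space, and their IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

def is_blocked_address(addr):
    """True if an IP literal lies in a range outbound requests must never reach."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 literal such as ::ffff:127.0.0.1 is really IPv4.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_link_local or ip.is_private or ip.is_multicast
            or ip.is_unspecified or ip.is_reserved
            or any(ip in net for net in BLOCKED_NETWORKS))

def resolve_all(host):
    """Default resolver (live DNS): every A/AAAA address the name maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def check_outbound_url(url, resolver=resolve_all):
    """Decide whether the server may fetch url; returns (allowed, reason).

    Layer 1: http/https only, and the host must be on the allow-list, so IP
    literals, 'localhost' and unknown names are refused before any lookup.
    Layer 2: every address the name resolves to is checked against the blocked
    ranges, so an allow-listed name pointing at an internal host is refused.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not permitted"
    host = parts.hostname  # lower-cased; userinfo, port and IPv6 brackets stripped
    if not host:
        return False, "no host in URL"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} is not on the outbound allow-list"
    for addr in resolver(host):
        if is_blocked_address(addr):
            return False, f"{host} resolves to blocked address {addr}"
    return True, "ok"
```

Wire the check in front of whatever component issues the outbound request, and log every refusal with the reason string so SSRF attempts surface in monitoring.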
EUVD-2025-209019
GHSA-7wgc-jm2p-f23w