Skip to main content

IBM webMethods Integration EUVDEUVD-2025-209934

| CVE-2025-14290 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-26 ibm GHSA-7v43-w3v8-wwv7
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 08, 2026 - 12:31 vuln.today

DescriptionCVE.org

IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

AnalysisAI

Server-side request forgery (SSRF) in IBM webMethods Integration Server (on-premises) 10.15 through IS_11.1_Core_Fix10 allows authenticated remote attackers to coerce the server into issuing unauthorized outbound HTTP requests to arbitrary destinations. An attacker with low-privileged credentials can leverage this to map internal network topology, probe non-publicly-routable services, or use the Integration Server as a pivot point for follow-on attacks against adjacent systems. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) alongside SSVC exploitation status of 'none' indicate no observed active exploitation.

Technical ContextAI

IBM webMethods Integration Server is an on-premises enterprise integration platform used for API management, B2B integration, and workflow orchestration. CWE-918 (Server-Side Request Forgery) occurs when user-supplied input is used to construct outbound HTTP or network requests without adequate validation of the destination, allowing the server to act as an unwitting proxy. The affected CPE is cpe:2.3:a:ibm:webmethods_integration_(on_prem)_-integration_server:*:*:*:*:*:*:*:* covering the version band from 10.15 with patch level IS_10.15_Core_Fix2611.1 through IS_11.1_Core_Fix10. The CVSS vector AV:N/AC:L/PR:L/UI:N/S:U confirms the attack is fully remote, requires no user interaction, and demands only low-level authenticated access - consistent with a logged-in integration user or service account exploiting an insufficiently sanitized URL parameter or endpoint within the server's management or integration layer.

RemediationAI

Patch available per vendor advisory - apply the fix documented at https://www.ibm.com/support/pages/node/7273550. IBM has published the corrective update and organizations should consult that advisory for the specific fix level applicable to their deployment (IS_10.15 or IS_11.1 branch). No exact patched fix-pack version number was independently extractable from the available reference data; verify the target fix level directly with the IBM advisory. As a compensating control pending patching, restrict network egress from the Integration Server host using host-based or perimeter firewall rules to allow only explicitly required outbound destinations, which reduces the attacker's ability to reach internal services even if SSRF is triggered. Additionally, enforce the principle of least privilege on Integration Server accounts - reducing the number of users with authenticated access limits the potential attacker pool. Note that egress filtering may affect legitimate integration workflows and should be tuned carefully against existing adapter and endpoint configurations.

Share

EUVD-2025-209934 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy