Skip to main content

Webmethods Integration On Prem Integration Server

1 CVEs product

Monthly

CVE-2025-14290 MEDIUM PATCH This Month

Server-side request forgery (SSRF) in IBM webMethods Integration Server (on-premises) 10.15 through IS_11.1_Core_Fix10 allows authenticated remote attackers to coerce the server into issuing unauthorized outbound HTTP requests to arbitrary destinations. An attacker with low-privileged credentials can leverage this to map internal network topology, probe non-publicly-routable services, or use the Integration Server as a pivot point for follow-on attacks against adjacent systems. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) alongside SSVC exploitation status of 'none' indicate no observed active exploitation.

IBM SSRF Webmethods Integration On Prem Integration Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Server-side request forgery (SSRF) in IBM webMethods Integration Server (on-premises) 10.15 through IS_11.1_Core_Fix10 allows authenticated remote attackers to coerce the server into issuing unauthorized outbound HTTP requests to arbitrary destinations. An attacker with low-privileged credentials can leverage this to map internal network topology, probe non-publicly-routable services, or use the Integration Server as a pivot point for follow-on attacks against adjacent systems. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) alongside SSVC exploitation status of 'none' indicate no observed active exploitation.

IBM SSRF Webmethods Integration On Prem Integration Server
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy