Server-Side Request Forgery in IBM InfoSphere Information Server
CVE-2025-12832

4.6MEDIUM

Key Information:

Vendor: IBM
Status: Infosphere Information Server
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-12832?

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 are susceptible to a server-side request forgery (SSRF) vulnerability, which enables an authenticated attacker to manipulate the system into sending unauthorized requests. This can result in unauthorized network enumeration and potentially pave the way for further attacks on network services or internal systems.

Affected Version(s)

InfoSphere Information Server 11.7.0.0 <= 11.7.1.6

References

https://www.ibm.com/support/pages/node/7253507

vendor-advisorypatch

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Nov 6, 2025

Credit

The vulnerability was reported to IBM by Sana Pc.

JSON