Server-Side Request Forgery in Infinera MTC-9
CVE-2025-26487

8.6HIGH

Key Information:

Vendor: Infinera
Status: Mtc-9 Version
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-26487?

A vulnerability within the Infinera MTC-9 product allows malicious actors to execute server-side request forgery (SSRF) attacks. Through SSRF, an attacker can manipulate the server to send unauthorized requests to internal or external resources, potentially leading to data breaches and unauthorized access. It is crucial for organizations utilizing the Infinera MTC-9 to implement necessary security measures to mitigate this risk and safeguard their systems from exploitation.

Affected Version(s)

MTC-9 version R22.1.1.0275

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-26487

government-resource

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Feb 11, 2025

JSON