Server-Side Request Forgery Vulnerability in IBM WebSphere Application Server
CVE-2025-27907

4.1MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server
Vendor: CVE Published:; 22 April 2025

What is CVE-2025-27907?

IBM WebSphere Application Server versions 8.5 and 9.0 contain a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to make unauthorized requests from the server. This could lead to network enumeration and the potential for further attacks, posing a significant risk to network security. Proper security measures and timely updates are essential to mitigate this threat.

Affected Version(s)

WebSphere Application Server 8.5

WebSphere Application Server 9.0

References

https://www.ibm.com/support/pages/node/7231514

vendor-advisorypatch

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Mar 10, 2025