Server-Side Request Forgery Vulnerability in IBM WebSphere Application Server
CVE-2025-27907

4.1 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 22 April 2025

What is CVE-2025-27907?

IBM WebSphere Application Server versions 8.5 and 9.0 contain a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to make unauthorized requests from the server. This could lead to network enumeration and the potential for further attacks, posing a significant risk to network security. Proper security measures and timely updates are essential to mitigate this threat.

Affected Version(s)

WebSphere Application Server 8.5

WebSphere Application Server 9.0

CVSS V3.1

Score: 4.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability reserved
