Unauthorized Access Vulnerability in Progress Software Hybrid Data Pipeline Server
CVE-2025-6505

8.1HIGH

Key Information:

Vendor: Progress Software
Status: Hybrid Data Pipeline
Vendor: CVE Published:; 29 July 2025

🔔 Create Progress Software Vulnerability Alert

What is CVE-2025-6505?

Versions 4.6.2.3226 and earlier of Progress Software's Hybrid Data Pipeline Server on Linux are susceptible to a security flaw that allows unauthorized access through a combination of client credentials. This issue arises during the OAuth handshake, where the server does not properly validate client credentials provided via both HTTP headers and request parameters. Exploiting this flaw could lead to client impersonation, putting sensitive information and system integrity at risk.

Affected Version(s)

Hybrid Data Pipeline Linux 0 <= 4.6.2.3226

References

https://community.progress.com/s/article/DataDirect-Hybri...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Jun 23, 2025