CVE-2025-14290
Published 2026-05-26
CVE-2025-14290: IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable…
Priority P433 · medium · 5.4 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.18% (8.0th percentile)
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | webmethods_integration_integration_server | 10.15 – IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 | — |
| ibm | webmethods_integration_server | — | — |
| ibm | webmethods_integration_server | — | — |
CVSS provenance
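| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| vendor_redhat | — | 7.1 | HIGH | — |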
GHSA
GHSA-7v43-w3v8-wwv7: IBM webMethods Integration (on prem) -Integration Server 10
ghsa_unreviewed·2026-05-26
CVE-2025-14290 [MEDIUM] CWE-918 GHSA-7v43-w3v8-wwv7: IBM webMethods Integration (on prem) -Integration Server 10
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Red Hat
kernel: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
vendor_redhat·2025-10-28·CVSS 7.1
CVE-2025-40082 [HIGH] kernel: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186
Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290
CPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0xca/0x5f0 mm/kasan/report.c:482
kasan_report+0xca/0x100 mm/kasan/report.c:595
hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.