cbcvebase.
CVE-2025-14290
published 2026-05-26

CVE-2025-14290: IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable…

PriorityP433medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
EPSS
0.18%
8.0th percentile
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Affected

3 ranges
VendorProductVersion rangeFixed in
ibmwebmethods_integration_integration_server10.15 – IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10
ibmwebmethods_integration_server
ibmwebmethods_integration_server

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
vendor_redhat7.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.