CVE-2025-27907
published 2025-04-22CVE-2025-27907: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized…
low2.7CVSS 3.1
AVNACLPRHUINSUCLINAN
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | >= 8.5 < 8.5.5.28 | 8.5.5.28 |
| ibm | websphere_application_server | >= 9.0 < 9.0.5.24 | 9.0.5.24 |