CVE-2025-14290 - Vulnerability Details - OpenCVE

IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Webmethods Integration On Prem Integration Server

No data.

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7273550

History

Tue, 26 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Title		IBM webMethods Integration Sever is vulnerable to server-side request forgery
First Time appeared		Ibm Ibm webmethods Integration On Prem Integration Server
Weaknesses		CWE-918
CPEs		cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:10.15.0:::::::* cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:10.15:::::::* cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:is_10.15_core_fix2611.1:::::::*
Vendors & Products		Ibm Ibm webmethods Integration On Prem Integration Server
References		https://www.ibm.com/support/pages/node/7273550
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-05-26T15:49:23.780Z

Updated: 2026-05-26T15:49:23.780Z

Reserved: 2025-12-08T19:17:35.305Z

Link: CVE-2025-14290

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-26T17:16:28.417

Modified: 2026-05-26T17:16:28.417

Link: CVE-2025-14290

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14290", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-12-08T19:17:35.305Z", "datePublished": "2026-05-26T15:49:23.780Z", "dateUpdated": "2026-05-26T15:49:23.780Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-05-26T15:49:23.780Z"}, "title": "IBM webMethods Integration Sever is vulnerable to server-side request forgery", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "webMethods Integration (on prem) -Integration Server", "versions": [{"status": "affected", "version": "10.15", "lessThanOrEqual": "IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:10.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:10.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:webmethods_integration_on_prem__integration_server:is_10.15_core_fix2611.1:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated\u00a0attacker to send unauthorized requests from the system, potentially leading to network enumeration or\u00a0facilitating other attacks.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7273550", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme\u00a0document.\n\n\n\nIS_10.15_Core_Fix27 or later\nIS_11.1_Core_Fix11 or later\n\n\n\nFixes can be downloaded and installed via IBM webMethods Update Manager. Refer to\u00a0 How to Download webMethods Software https://www.ibm.com/support/pages/node/7232491", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme document.</p><p>IS_10.15_Core_Fix27 or later<br>IS_11.1_Core_Fix11 or later</p><p>Fixes can be downloaded and installed via IBM webMethods Update Manager. Refer to <a href=\"https://www.ibm.com/support/pages/node/7232491\" rel=\"nofollow\">How to Download webMethods Software</a></p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}}}