CVE-2025-14290
MEDIUM WAF: Medium
CVSS 5.4
Published: 2026-05-26
CWE-918
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticatedĀ attacker to send unauthorized requests from the system, potentially leading to network enumeration orĀ facilitating other attacks.
WAF Coverage Analysis
Server-Side Request Forgery (SSRF)
Medium WAF Coverage
OWASP: A10:2021 SSRF
934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | webmethods_integration_server | 10.15.0 |
| ibm | webmethods_integration_server | 11.1.0 |
References
- www.ibm.com (Vendor Advisory)