CVE-2025-8055 | THREATINT

Description

Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2.

PUBLISHED Reserved 2025-07-22 | Published 2026-02-19 | Updated 2026-02-23 | Assigner OpenText

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:M/U:Amber

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status

unaffected

24.2

affected

Credits

Inetum Hacking team, leaded in this research by Ángel M Sequeira and with the help of @cr33pb0y finder

References

support.opentext.com/...henticated&sysparm_article=KB0847038

cve.org (CVE-2025-8055)

nvd.nist.gov (CVE-2025-8055)

Download JSON