CVE-2025-14912
Server-Side Request Forgery in IBM InfoSphere Info Server
Publication date: 2026-03-25
Last updated on: 2026-03-26
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | infosphere_information_server | From 11.7.0.0 (inc) to 11.7.1.6 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14912 is a server-side request forgery (SSRF) vulnerability in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. It allows an authenticated attacker to send unauthorized requests from the affected system.
This means that an attacker who is already authenticated can trick the server into making requests to other internal or external resources that the attacker might not normally be able to reach directly.
The vulnerability is classified under CWE-918 and has a CVSS v3.1 base score of 5.4, indicating a moderate severity with low confidentiality and integrity impact and no availability impact.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an authenticated attacker to send unauthorized requests from your IBM InfoSphere Information Server system.
Such unauthorized requests could be used for network enumeration, which means the attacker could gather information about your internal network structure and resources.
Additionally, this could facilitate other attacks that leverage the server's ability to make these unauthorized requests, potentially increasing the risk to your network security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2025-14912 vulnerability in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6, you should apply the remediation updates provided by IBM.
- Apply APAR DT458451 updates to versions 11.7.1.0, 11.7.1.6, or 11.7.1.6 Service Pack 2.
No workarounds or alternative mitigations are provided, so updating the affected software to the fixed versions is the immediate recommended action.
Additionally, assess the impact of this vulnerability within your environment as advised by IBM.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2025-14912 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.