{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8055", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2025-07-22T13:07:46.734Z", "datePublished": "2026-02-19T22:21:06.831Z", "dateUpdated": "2026-02-23T18:12:27.145Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "XM Fax", "vendor": "OpenText\u2122", "versions": [{"status": "affected", "version": "24.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Inetum Hacking team, leaded in this research by \u00c1ngel M Sequeira and with the help of @cr33pb0y"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM Fax allows Server Side Request Forgery.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">The vulnerability could allow an attacker to</span>\n\n\n\n<span style=\"background-color: rgb(255, 255, 255);\">perform blind SSRF to other systems accessible from the XM Fax server.</span>\n\n<p>This issue affects XM Fax: 24.2.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM Fax allows Server Side Request Forgery.\u00a0\n\nThe vulnerability could allow an attacker to\n\n\n\nperform blind SSRF to other systems accessible from the XM Fax server.\n\nThis issue affects XM Fax: 24.2."}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-02-19T22:21:06.831Z"}, "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&amp;sysparm_article=KB0847038\">https://support.opentext.com/csm?id=ot_kb_unauthenticated&amp;sysparm_article=KB0847038</a><br>"}], "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038"}], "source": {"discovery": "UNKNOWN"}, "title": "SSRF vulnerability have been discovered in OpenText\u2122 XM Fax", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T18:11:09.453344Z", "id": "CVE-2025-8055", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T18:12:27.145Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8055", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2025-07-22T13:07:46.734Z", "datePublished": "2026-02-19T22:21:06.831Z", "dateUpdated": "2026-02-23T18:12:27.145Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "XM Fax", "vendor": "OpenText\u2122", "versions": [{"status": "affected", "version": "24.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Inetum Hacking team, leaded in this research by \u00c1ngel M Sequeira and with the help of @cr33pb0y"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM Fax allows Server Side Request Forgery.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">The vulnerability could allow an attacker to</span>\n\n\n\n<span style=\"background-color: rgb(255, 255, 255);\">perform blind SSRF to other systems accessible from the XM Fax server.</span>\n\n<p>This issue affects XM Fax: 24.2.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM Fax allows Server Side Request Forgery.\u00a0\n\nThe vulnerability could allow an attacker to\n\n\n\nperform blind SSRF to other systems accessible from the XM Fax server.\n\nThis issue affects XM Fax: 24.2."}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-02-19T22:21:06.831Z"}, "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&amp;sysparm_article=KB0847038\">https://support.opentext.com/csm?id=ot_kb_unauthenticated&amp;sysparm_article=KB0847038</a><br>"}], "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038"}], "source": {"discovery": "UNKNOWN"}, "title": "SSRF vulnerability have been discovered in OpenText\u2122 XM Fax", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-8055", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-23T18:11:09.453344Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T18:12:21.141Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentext:xm_fax:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FF67468-462A-49E1-90EA-35E20561AD4C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM Fax allows Server Side Request Forgery.\u00a0\n\nThe vulnerability could allow an attacker to\n\n\n\nperform blind SSRF to other systems accessible from the XM Fax server.\n\nThis issue affects XM Fax: 24.2."}, {"lang": "es", "value": "La vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) en OpenText\u2122 XM Fax permite la falsificaci\u00f3n de petici\u00f3n del lado del servidor.\n\nLa vulnerabilidad podr\u00eda permitir a un atacante\n\nrealizar SSRF ciego a otros sistemas accesibles desde el servidor XM Fax.\n\nEste problema afecta a XM Fax: 24.2."}], "id": "CVE-2025-8055", "lastModified": "2026-02-27T23:53:31.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2026-02-19T23:16:15.483", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@opentext.com", "type": "Secondary"}]}

{}