CVE-2025-8055

Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opentext:xm_fax:24.2:*:*:*:*:*:*:*

History

27 Feb 2026, 23:53

Type	Values Removed	Values Added
First Time		Opentext Opentext xm Fax
CPE		cpe:2.3:a:opentext:xm_fax:24.2:::::::*
References	~~() https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038 -~~	() https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038 - Vendor Advisory

23 Feb 2026, 19:22

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de falsificación de petición del lado del servidor (SSRF) en OpenText™ XM Fax permite la falsificación de petición del lado del servidor. La vulnerabilidad podría permitir a un atacante realizar SSRF ciego a otros sistemas accesibles desde el servidor XM Fax. Este problema afecta a XM Fax: 24.2.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3

19 Feb 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-19 23:16

Updated : 2026-02-27 23:53

NVD link : CVE-2025-8055

Mitre link : CVE-2025-8055

CVE.ORG link : CVE-2025-8055

JSON object : View

Products Affected

opentext

xm_fax

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-8055", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 5.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-19T23:16:15.483", "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038", "tags": ["Vendor Advisory"], "source": "security@opentext.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM Fax allows Server Side Request Forgery.\u00a0\n\nThe vulnerability could allow an attacker to\n\n\n\nperform blind SSRF to other systems accessible from the XM Fax server.\n\nThis issue affects XM Fax: 24.2."}, {"lang": "es", "value": "La vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) en OpenText\u2122 XM Fax permite la falsificaci\u00f3n de petici\u00f3n del lado del servidor.\n\nLa vulnerabilidad podr\u00eda permitir a un atacante\n\nrealizar SSRF ciego a otros sistemas accesibles desde el servidor XM Fax.\n\nEste problema afecta a XM Fax: 24.2."}], "lastModified": "2026-02-27T23:53:31.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opentext:xm_fax:24.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FF67468-462A-49E1-90EA-35E20561AD4C"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}