CVE-2025-8055

5.3 MEDIUM

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in OpenText XM Fax allows attackers to make the vulnerable server send requests to internal systems. It affects XM Fax version 24.2 and could enable attackers to probe internal networks or interact with internal services.

💻 Affected Systems

Products:
  • OpenText XM Fax
Versions: 24.2
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default configuration of XM Fax 24.2


⚠️ Risk & Real-World Impact

🔴 Worst Case: Attacker accesses sensitive internal systems, exfiltrates data, or performs lateral movement to critical infrastructure

🟠 Likely Case: Attacker maps internal network, interacts with internal APIs/services, or performs limited data exfiltration

🟢 If Mitigated: Limited to network reconnaissance with no critical data exposure due to network segmentation

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities typically have low exploitation complexity, especially when no authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.2.1

Vendor Advisory: https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038

Restart Required: Yes

Instructions:

1. Download patch from OpenText support portal.
2. Backup current installation.
3. Apply patch following vendor instructions.
4. Restart XM Fax services.

🔧 Temporary Workarounds

Network Segmentation (all): Restrict outbound network access from XM Fax server to only required destinations

Input Validation (all): Implement strict URL validation and whitelist allowed domains in application configuration

🧯 If You Can't Patch

  • Implement strict network egress filtering to limit XM Fax server outbound connections
  • Deploy web application firewall with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check XM Fax version in administration interface or configuration files

Check Version:

Check XM Fax web interface or consult product documentation for version command

Verify Fix Applied:

Verify that the installed version is 24.2.1 or later, and confirm that test SSRF requests to internal destinations are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from XM Fax server
  • Requests to internal IP ranges from XM Fax

Network Indicators:

  • XM Fax server making requests to unexpected internal destinations
  • HTTP traffic from XM Fax to non-standard ports

SIEM Query:

source="xm-fax-logs" AND (url CONTAINS "internal" OR url CONTAINS "localhost" OR url CONTAINS "127.0.0.1")
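The log indicators above can be checked mechanically rather than with the substring match in the SIEM query. The following is an added example, not part of this advisory page: it parses constructed outbound-request log lines from an XM Fax host (the log format, host name and URLs are assumptions) and flags destinations in loopback, private, link-local or reserved address ranges.

```python
"""Flag outbound requests from an XM Fax host that target non-public addresses.

Added example for this advisory; the log format and all sample lines below are
constructed for illustration and are not from the vendor or the advisory.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: one outbound request per line, "<ts> <src_host> <method> <url>".
SAMPLE_LOG = """\
2025-07-01T10:00:01Z xmfax01 GET https://fax-gateway.example.com/status
2025-07-01T10:00:05Z xmfax01 GET http://127.0.0.1:8080/admin
2025-07-01T10:00:09Z xmfax01 GET http://10.20.30.40:9200/_cat/indices
2025-07-01T10:00:12Z xmfax01 POST http://169.254.169.254/latest/meta-data/
2025-07-01T10:00:15Z xmfax01 GET http://localhost/
2025-07-01T10:00:20Z xmfax01 GET https://updates.example.com/check
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def is_internal_target(url: str) -> bool:
    """True if the URL host is a loopback name or a literal IP in a non-public range."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    if host.lower() in LOCAL_NAMES:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: cannot be classified without resolution, so not flagged here.
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved


def find_internal_requests(log_text: str) -> list[dict]:
    """Return the parsed records whose destination is an internal address."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, src, method, url = m.groups()
        if is_internal_target(url):
            hits.append({"ts": ts, "src": src, "method": method, "url": url})
    return hits


if __name__ == "__main__":
    for hit in find_internal_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} {hit['method']} -> {hit['url']}")
```

Hostnames that resolve to internal addresses are not caught by this check; pair it with egress filtering or resolver logs for that case.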

