Nexus Repository 2 – SSRF Vulnerability in Remote Browser Plugin (CVE-2025-9868)

CVSS score: 8.7 / 10 (HIGH)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.

Basic Information

ID: CVE-2025-9868
Source: Sonatype
Published: Oct 8, 2025 at 17:07
Modified: Oct 8, 2025 at 17:23

Affected Product

Vendor: Sonatype
Product: Nexus Repository
Version: 2.0.0
Affected Versions: Sonatype Nexus Repository 2.0.0

CWE Classification

References
