← volver
CVE-2025-9868

Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin

CVSS 8.7 HIGHEPSS 0.5%CWE-918
Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Sonatype · Nexus Repository

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://support.sonatype.com/hc/en-us/articles/45363201583635