← back
CVE-2025-9868

Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin

CVSS 8.7 HIGHEPSS 0.5%CWE-918
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.7EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
08 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Sonatype · Nexus Repository

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.sonatype.com/hc/en-us/articles/45363201583635