CVE-2025-8055 MEDIUM

CVE-2025-8055: SSRF vulnerability have been discovered in OpenText™ XM Fax

Vendor Opentext™

Product XM Fax

Weakness CWE-918 · SSRF

Published February 19, 2026

Last update February 23, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:M/U:Amber

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2.

Key dates

02Disclosure timeline

February 19, 2026 CVE published

February 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-8055 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2022-23544 Server-Side Request Forgery in Metersphere leads to Cross-Site Scripting CVE-2025-58641 WordPress Exit Intent Popup Plugin <= 1.0.1 - Server Side Request Forgery (SSRF) Vulnerability CVE-2023-49159 WordPress CommentLuv Plugin <= 3.0.4 is vulnerable to Server Side Request Forgery (SSRF) CVE-2026-6606 modelscope agentscope _agent_base.py _process_audio_block server-side request forgery CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise