CVE-2025-6505 · HIGH 8.1 · EPSS percentile 23.4%

Description

Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. When OAuth clients perform an OAuth handshake with the Hybrid Data Pipeline Server, the server accepts client credentials from both HTTP headers and request parameters. This allows an attacker to combine credentials from different sources, potentially leading to client impersonation and unauthorized access.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.32% probability of exploitation · percentile 23.4% · 2026-06-19T12:03:05Z
Published: 2025-07-29
Last modified: 2025-10-02

Underlying weaknesses (1)

CWE-287: Improper Authentication

References

  1. https://community.progress.com/s/article/DataDirect-Hybrid-Data-Pipeline-Critical-Security-Product-Alert-Bulletin-July-2025---CVE-2025-6505


Type      Target                             Confidence  Tier
Weakness  Improper Authentication (cwe-287)  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-6504
CVE: CVE-2026-4670
CVE: CVE-2025-55278
CVE: CVE-2025-13774
CVE: CVE-2026-5174
CVE: CVE-2025-10240
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.