1. Home
  2. CVE Database
  3. CVE-2025-6505
HIGH · 8.1

CVE-2025-6505

Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials...

Vulnerability Description

Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access.  When OAuth Clients perform an OAuth handshake with the Hybrid Data Pipeline Server, the server accepts client credentials from both HTTP headers and request parameters.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ProgressHybrid Data Pipeline< 4.6.2.3275
LinuxLinux Kernel-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2025-6505?

CVE-2025-6505 is a vulnerability with a CVSS score of 8.1 (HIGH). Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials...

How severe is CVE-2025-6505?

CVE-2025-6505 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-6505?

Check the references section above for vendor advisories and patch information. Affected products include: Progress Hybrid Data Pipeline, Linux Linux Kernel.