SSRF in Sonatype Nexus Repository

CVE-2025-9868

Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.002 (45.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-9868?
CVE-2025-9868 is a vulnerability in Sonatype Nexus Repository, classified under Server-Side Request Forgery (SSRF). Published 2025-10-08.
Is CVE-2025-9868 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.