CVE-2025-8716

In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known.

VectorNETWORK

Published Bysecurity@opentext.com

Published DateSep 11, 2025, 14:15

Weakness Type (CWE):CWE-754

CVSS Metrics

Base Score

5.8

Vector String

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

ACTIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847046

Base Score

MEDIUM5.8

Weakness Type (CWE):CWE-754

CVSS Metrics

Base Score

5.8

Vector String

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

ACTIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)