PT-2025-31201 · Progress · Hybrid Data Pipeline Server
Published: 2025-07-29 · Updated: 2025-08-03 · CVE-2025-6505
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Progress Software Hybrid Data Pipeline Server versions 4.6.2.3226 and below
Description
The Hybrid Data Pipeline Server is susceptible to unauthorized access and impersonation. During an OAuth handshake, the server accepts client credentials from both HTTP headers and request parameters. Attackers can combine credentials from these multiple sources, potentially leading to client impersonation and unauthorized access.
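A defensive check for the condition described above, as an added example that is not Progress code and not part of the original advisory: it accepts OAuth client credentials from exactly one source and rejects any request that supplies them in both the `Authorization` header and request parameters (RFC 6749 section 2.3 forbids more than one client authentication method per request). The function names, the strict one-source policy and the sample values are assumptions made for illustration.

```python
import base64
from urllib.parse import parse_qs


class ClientAuthError(Exception):
    """Client credentials are missing, malformed, or sent through several channels."""


def basic_credentials(authorization):
    """Return (client_id, client_secret) from a Basic header value, or None."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        raise ClientAuthError("malformed Basic authorization header")
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        raise ClientAuthError("Basic credentials lack the ':' separator")
    return client_id, secret


def extract_client_credentials(headers, query_string="", form_body=""):
    """Accept credentials from exactly one source; never merge fields across sources."""
    sources = {}
    basic = basic_credentials(headers.get("Authorization"))
    if basic is not None:
        sources["header"] = basic
    for name, raw in (("query", query_string), ("body", form_body)):
        params = parse_qs(raw, keep_blank_values=True)
        ids, secrets = params.get("client_id", []), params.get("client_secret", [])
        if len(ids) > 1 or len(secrets) > 1:
            raise ClientAuthError(f"repeated credential parameter in {name}")
        if ids or secrets:
            sources[name] = (ids[0] if ids else "", secrets[0] if secrets else "")
    if len(sources) != 1:
        raise ClientAuthError(f"expected one credential source, got {sorted(sources)}")
    (client_id, secret), = sources.values()
    if not client_id or not secret:
        raise ClientAuthError("incomplete client credentials")
    return client_id, secret


if __name__ == "__main__":
    # Constructed request: one client_id in the header, a different one in the body.
    hdr = {"Authorization": "Basic " + base64.b64encode(b"app-a:secret-a").decode()}
    try:
        extract_client_credentials(hdr, form_body="grant_type=client_credentials&client_id=app-b")
    except ClientAuthError as exc:
        print("rejected:", exc)
```

Logging each `ClientAuthError` with the list of sources seen gives a detection signal for requests that mix credential channels.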
Recommendations
Update to a version later than 4.6.2.3226.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Hybrid Data Pipeline Server