Sonatype Nexus Repository 2 Remote Browser Plugin SSRF Vulnerability (CVE-2025-9868)

Key Information Vulnerability ID: CVE-2025-9868 Affected Versions: All Sonatype Nexus Repository Manager 2.x OSS/Pro versions Date: October 8, 2025 Summary: A vulnerability has been discovered in Nexus Repository 2. Attackers can exploit the Remote Browser plugin to send arbitrary HTTP GET requests to servers under their control. If the affected Nexus Repository Manager 2 instance is configured with authenticated proxy repositories, credentials may be leaked to the attacker. This vulnerability can be exploited without authentication. Recommended Actions: - Disable or remove the Remote Browser plugin from Nexus Repository 2. - Place Nexus Repository Manager 2 instances behind a restrictive reverse proxy or firewall to limit outbound connections. Acknowledgments: This issue was responsibly discovered and reported by Michael Stepenkin via GitHub Security Lab through Sonatype’s Bug Bounty Program. FAQ: - Risk: Unauthorized attackers can use the Remote Browser plugin to send arbitrary HTTP requests to servers under their control. If proxy repositories are configured with authentication, their credentials may be leaked. - Vulnerability Conditions: The Nexus Repository 2.x instance must have the Remote Browser plugin enabled (enabled by default). If proxy repositories are configured with authentication, their credentials may be exposed. - Consequences: Disclosure means malicious actors may attempt to exploit this vulnerability. While we are limiting technical details in this advisory, organizations should treat running Nexus Repository 2 as a critical risk and take immediate action. - Getting More Information: Out of caution for our user community, we are limiting the sharing of technical details. - Why Sonatype is Publicly Disclosing This: As part of our responsible disclosure process, we are providing this information to help organizations protect themselves and encourage immediate migration from unsupported Nexus Repository versions. - How to Remove the Remote Browser Plugin: Detailed steps are provided.

Goal Reached Thanks to every supporter — we hit 100%!

Sonatype Nexus Repository 2 Remote Browser Plugin SSRF Vulnerability (CVE-2025-9868)