OpenText Content Management Cache Poisoning Vulnerability Allowing Unauthorized File Downloads

Vulnerability

A cache poisoning vulnerability has been identified in OpenText Content Management (Extended ECM) versions 20.4 prior to 25.3. An authenticated attacker who knows the exact filename of an unprotected file on the server can download it. The issue arises from a complex cache exploitation technique.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server.

Remediation

Upgrade to OpenText Content Management CE 25.4 or later. Hotfixes for Content Management (Extended ECM) CE 23.4-25.3 are available through OpenText My Support. Customers running Content Management (Extended ECM) CE 20.4-23.3 should upgrade to at least CE 23.4 and then apply the relevant hotfix. As an additional mitigation, restrict the 'Download as Spreadsheet' operation privilege to trusted users only.

Added: Sep 11, 2025, 2:16 PM
Updated: Sep 11, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm

  spread          3.1
  impact          2.5
  exploitability  5.2
  remediation     7.9
  relevance       0.5
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to produce these 8 key vulnerability categories, which are then combined into the overall risk score.