Oxygen Server Allows Hackers to Access Unauthorized Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.2

Oxygen Server Allows Hackers to Access Unauthorized Data

CVE-2025-69299

Summary

The Oxygen server software has a security weakness that allows hackers to trick it into visiting unauthorized websites. This can happen if an attacker sends the server a specially crafted request. To stay safe, update Oxygen to version 6.0.9 or later.

Original title

Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8.

Original description

Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8.

nvd CVSS3.1 7.2

Vulnerability type

CWE-918 Server-Side Request Forgery (SSRF)

https://patchstack.com/database/Wordpress/Theme/oxygen/vulnerability/wordpress-o...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026