CVE-2025-69299 describes a Server-Side Request Forgery vulnerability in Laborator Oxygen software versions up to 6.0.8. The vulnerability allows remote attackers to cause the server to send crafted requests, potentially exposing or modifying sensitive information. The CVSS score of 7.2 reflects a high-severity issue with network attack vector, low attack complexity, no privileges required, no user interaction, and impacts on confidentiality and integrity but not availability. No patch or vendor advisory information is provided, and no exploits are known in the wild. The product is not cloud-hosted, so remediation depends on vendor patch release.

The vulnerability could allow an unauthenticated remote attacker to perform SSRF attacks, potentially leading to partial disclosure or modification of sensitive data within the affected system. There is no indication of availability impact. No known exploits have been reported, so the practical impact may be limited until exploitation occurs.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor Laborator's official channels for updates. Until a fix is available, consider restricting server outbound requests where possible to limit SSRF attack surface.