CVE-2025-25045

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7231332

Configurations

No configuration.

History

29 Apr 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) IBM InfoSphere Information 11.7 Server autenticó al usuario para obtener información confidencial cuando se devolvía un mensaje de error técnico detallado en una solicitud. Esta información podría utilizarse en futuros ataques contra el sistema.

23 Apr 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-23 23:15

Updated : 2025-04-29 13:52

NVD link : CVE-2025-25045

Mitre link : CVE-2025-25045

CVE.ORG link : CVE-2025-25045

JSON object : View

Products Affected

No product.

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

4.3 /10