CVE-2025-27900

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27900
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7259901 Vendor Advisory Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:linux:*:*
cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:unix:*:*
cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:windows:*:*
History

26 Feb 2026, 18:04

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:linux:*:*
cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:unix:*:*
cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:windows:*:*
First Time Ibm db2 Recovery Expert
Ibm
References () https://www.ibm.com/support/pages/node/7259901 - () https://www.ibm.com/support/pages/node/7259901 - Vendor Advisory, Patch

18 Feb 2026, 17:51

Type Values Removed Values Added
Summary
  • (es) IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 podría permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redirección abierta. Al persuadir a una víctima para que visite un sitio web especialmente diseñado, un atacante remoto podría explotar esta vulnerabilidad para falsificar la URL mostrada y redirigir a un usuario a un sitio web malicioso que parecería ser de confianza. Esto podría permitir al atacante obtener información altamente sensible o realizar ataques adicionales contra la víctima.

17 Feb 2026, 20:22

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-17 20:22

Updated : 2026-02-26 18:04

NVD link : CVE-2025-27900

Mitre link : CVE-2025-27900

CVE.ORG link : CVE-2025-27900

JSON object : View

Products Affected

ibm

  • db2_recovery_expert
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')