CVE-2025-2138

Published: Oct 12, 2025Modified: Oct 16, 2025

3.5

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.1 / Impact: 1.4

Source: NVD

Description

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.

Affected (3)

Products: Ibm: Engineering Requirements Management Doors Next

Ibm

1 product

Engineering Requirements Management Doors Next

Configuration A

3 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Engineering Requirements Management Doors Next	Version 7.0.2
Ibm Engineering Requirements Management Doors Next	Version 7.0.3
Ibm Engineering Requirements Management Doors Next	Version 7.1

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-602

Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References (1)

https://www.ibm.com/support/pages/node/7247716

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.