CVE-2025-2140

Published: Oct 12, 2025Modified: Oct 16, 2025

5.7

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.1 / Impact: 3.6

Source: psirt@us.ibm.com (Secondary)

Description

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.

Affected (3)

Products: Ibm: Engineering Requirements Management Doors Next

Ibm

1 product

Engineering Requirements Management Doors Next

Configuration A

3 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Engineering Requirements Management Doors Next	Version 7.0.2
Ibm Engineering Requirements Management Doors Next	Version 7.0.3
Ibm Engineering Requirements Management Doors Next	Version 7.1

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-346

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (1)

https://www.ibm.com/support/pages/node/7247716

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.