CVE-2025-25046

Published: Apr 23, 2025Modified: Aug 12, 2025

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 / Impact: 1.4

Source: psirt@us.ibm.com (Secondary)

Description

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.

Affected (1)

Products: Ibm: Infosphere Information Server

Ibm

1 product

Infosphere Information Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Information Server	Version 11.7

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (1)

https://www.ibm.com/support/pages/node/7231333

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.