← Back

CVE-2025-2697

nvd nist
Published: Aug 26, 2025Modified: Sep 2, 2025

JSON object

Loading...
9.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.8
Source: NVD

Description

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Affected (2)

Ibm
1 product
Cognos Command Center
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Cognos Command Center
Version 10.2.4.1
Cognos Command Center
Version 10.2.5

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (1)

Source: psirt@us.ibm.com
Vendor Advisory

Timeline

No history available yet.