CVE-2025-0154 — Improper Neutralization of HTTP Headers for Scripting Syntax in IBM Txseries FOR Multiplatforms

CWE-644 — Improper Neutralization of HTTP Headers for Scripting Syntax3 documents3 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.2%

top 54.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Txseries FOR Multiplatforms

Timeline

PublishedApr 2

Description

IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/txseries_for_multiplatforms11.1, 9.1+1

▶NVDibm/txseries11.1, 9.1+1

🔴Vulnerability Details

GHSA

GHSA-3v39-cfpx-f2w7: IBM TXSeries for Multiplatforms 9↗2025-04-02

▶

CVEList

IBM TXSeries for Multiplatforms information disclosure↗2025-04-02

▶