CVE-2025-14148

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 87.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Devops DeployIBM UCD - IBM Devops Deploy
Timeline
PublishedDec 15

Description

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/devops_deploy8.1.0.08.1.2.4
CVEListV5ibm/ucd_-_ibm_devops_deploy8.18.1.2.3

🔴Vulnerability Details

2
CVEList
IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability2025-12-15
GHSA
GHSA-4jrc-v4m5-g6r4: IBM UCD - IBM DevOps Deploy 82025-12-15
CVE-2025-14148 (MEDIUM CVSS 6.5) | IBM UCD - IBM DevOps Deploy 8.1 thr | cvebase.io