CVE-2025-1998

CWE-532Log File Information ExposureCWE-416Use After FreeCWE-2035 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 89.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Devops DeployIBM Urbancode Deploy
Timeline
PublishedMar 27

Description

IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDibm/devops_deploy8.0.0.08.0.1.5+1
NVDibm/urbancode_deploy7.1.0.07.1.2.22+2
CVEListV5ibm/devops_deploy8.08.0.1.4+1
CVEListV5ibm/urbancode_deploy7.17.1.2.21+2

🔴Vulnerability Details

2
GHSA
GHSA-wvfh-rj9m-fpc6: IBM UrbanCode Deploy (UCD) through 72025-03-27
CVEList
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure2025-03-27

📋Vendor Advisories

2
Microsoft
Spectre v2 SMT mitigations problem in Linux kernel2023-04-11
Microsoft
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this f2022-06-14
CVE-2025-1998 (MEDIUM CVSS 5.5) | IBM UrbanCode Deploy (UCD) through | cvebase.io