CVE-2025-25045 — Information Exposure via Error Message in IBM Infosphere Information Server

CWE-209 — Information Exposure via Error Message3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 61.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server

Timeline

PublishedApr 23

Latest updateApr 24

Description

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/infosphere_information_server11.7 — 11.7.1

▶CVEListV5ibm/infosphere_information_server11.7

🔴Vulnerability Details

GHSA

GHSA-gfh3-mv29-84hc: IBM InfoSphere Information 11↗2025-04-24

▶

CVEList

IBM InfoSphere Information Server information disclosure↗2025-04-23

▶