CVE-2025-2824Open Redirect in IBM Operational Decision Manager

CWE-601Open Redirect3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.0%
top 87.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Operational Decision Manager
Timeline
PublishedAug 1

Description

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the vict

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

CVEListV5ibm/operational_decision_manager5 versions+4

🔴Vulnerability Details

2
CVEList
IBM Operational Decision Manager HTTP open redirect2025-08-01
GHSA
GHSA-p3q2-74hc-43v3: IBM Operational Decision Manager 82025-08-01
CVE-2025-2824 — Open Redirect in IBM | cvebase