CVE-2025-2895

CWE-80CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 89.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK System
Timeline
PublishedJun 30

Description

IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/cloud_pak_system2.3.3.62.3.36 iFix1+3
NVDibm/cloud_pak_system4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-5p4x-fj73-85h8: IBM Cloud Pak System 22025-06-30
CVEList
IBM Cloud Pak System HTML injection2025-06-30
CVE-2025-2895 (MEDIUM CVSS 5.4) | IBM Cloud Pak System 2.3.3.6 | cvebase.io