CVE-2025-36223

Severity: 6.1 MEDIUM
EPSS: 0.0% (top 94.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published Nov 12

Description

IBM OpenPages 9.0 and 9.1 are vulnerable to HTTP header injection, caused by improper validation of the HTTP Host header. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (2 packages)

CVEList V5: ibm/openpages 9.0, 9.1 (+1)
NVD: ibm/openpages 9.0.0, 9.1.0 (+1)

Vulnerability Details (2)

CVEList: IBM OpenPages Host Header Injection (2025-11-12)
GHSA: GHSA-57xh-vr62-7qqc: IBM OpenPages 9 (2025-11-12)

Vendor Advisories (1)

Microsoft: A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling resulting in denial of service (double free and out-of-bounds read). (2021-01-12)
CVE-2025-36223 (MEDIUM CVSS 6.1) | cvebase.io